fakeav | c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7 | Triage

Submit
Reports

Overview

overview

Static

static

c6614fd8f2...c7.exe

windows7_x64

c6614fd8f2...c7.exe

windows10_x64

Sharing

General

Target

c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7
Size

724KB
Sample

210517-fb9tcq58f2
MD5

e93a82efb1832bf608bf0f6f495d704a
SHA1

03b878d94761a559964abd80a22c15f6741f9846
SHA256

c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7
SHA512

c739c553d975b7a54e4045e36d8a601cf9c7c35047e161adf9a243566d14b1dcd613965c40922849bc06a9a97dab571cb0946c865059ba17a63c355adb7baf95

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7.exe

Resource

win7v20210410

fakeav xmrig fakeav miner persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7.exe

Resource

win10v20210408

fakeav xmrig fakeav miner persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7
- Size
  
  724KB
- MD5
  
  e93a82efb1832bf608bf0f6f495d704a
- SHA1
  
  03b878d94761a559964abd80a22c15f6741f9846
- SHA256
  
  c6614fd8f20fed9dedc4dd38efd4e245b7844d9f036d6354cc32c397d9fc36c7
- SHA512
  
  c739c553d975b7a54e4045e36d8a601cf9c7c35047e161adf9a243566d14b1dcd613965c40922849bc06a9a97dab571cb0946c865059ba17a63c355adb7baf95
Score

10^/10

fakeav xmrig fakeav miner persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavxmrigfakeavminerpersistencespyware

behavioral2

fakeavxmrigfakeavminerpersistencespyware

© 2018-2025

Terms | Privacy