fakeav | f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5 | Triage

Submit
Reports

Overview

overview

Static

static

f9bfb620db...f5.exe

windows7_x64

f9bfb620db...f5.exe

windows10_x64

Sharing

General

Target

f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5
Size

1.4MB
Sample

210517-khbcyak4xj
MD5

9a8b3cee341648265d30a65402015a63
SHA1

0b6dc283d6b38f45d22567f3a61d34edff5f5ad2
SHA256

f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5
SHA512

a10cff02d6153dbf37aaf767826a8024620fac097c0164cf0d70cc880f03435c492976708f53a7c7950508fcab92fa2ec3971621555aaaf039fe2138bca45984

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5.exe

Resource

win7v20210408

fakeav xmrig fakeav miner persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5.exe

Resource

win10v20210410

fakeav xmrig fakeav miner persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5
- Size
  
  1.4MB
- MD5
  
  9a8b3cee341648265d30a65402015a63
- SHA1
  
  0b6dc283d6b38f45d22567f3a61d34edff5f5ad2
- SHA256
  
  f9bfb620db6ee494df0bdb5b49c4ba29db3cc04ebfaff2c8bfd611a21b34e3f5
- SHA512
  
  a10cff02d6153dbf37aaf767826a8024620fac097c0164cf0d70cc880f03435c492976708f53a7c7950508fcab92fa2ec3971621555aaaf039fe2138bca45984
Score

10^/10

fakeav xmrig fakeav miner persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavxmrigfakeavminerpersistencespyware

behavioral2

fakeavxmrigfakeavminerpersistencespyware

© 2018-2025

Terms | Privacy