fakeav | 0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9 | Triage

Submit
Reports

Overview

overview

Static

static

0a3086a6cb...f9.exe

windows7_x64

0a3086a6cb...f9.exe

windows10_x64

Sharing

General

Target

0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9
Size

5.8MB
Sample

210517-pvgestz8j2
MD5

b5b42d4db0c57736ed3558311d988165
SHA1

e78184b51c2b2b9e233f8743936d32af854228c1
SHA256

0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9
SHA512

6457e31f94ff849c68449850b18e66224c29394eca8fb0d286e345f33d93e9d84d6989dd4529320ab80d46902ae0bd124dea6fa88e7330336a661f4428991030

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9.exe

Resource

win7v20210408

fakeav xmrig fakeav miner persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9.exe

Resource

win10v20210408

fakeav xmrig fakeav miner persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9
- Size
  
  5.8MB
- MD5
  
  b5b42d4db0c57736ed3558311d988165
- SHA1
  
  e78184b51c2b2b9e233f8743936d32af854228c1
- SHA256
  
  0a3086a6cbc51487a53f674b59dc992675b5cf2e8b8f40de969d7796368beaf9
- SHA512
  
  6457e31f94ff849c68449850b18e66224c29394eca8fb0d286e345f33d93e9d84d6989dd4529320ab80d46902ae0bd124dea6fa88e7330336a661f4428991030
Score

10^/10

fakeav xmrig fakeav miner persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavxmrigfakeavminerpersistencespyware

behavioral2

fakeavxmrigfakeavminerpersistencespyware

© 2018-2025

Terms | Privacy