General

  • Target

    895f668cf5e15e30971ef536e0862cd44a930d723021414cd931cb7c6cb49ad3

  • Size

    724KB

  • Sample

    210518-5ty6veq8aj

  • MD5

    d66332cc0cdd62be9caced615aa1ced1

  • SHA1

    5ed1c9bcd950dd871c7d8eade9e64c7ce8596772

  • SHA256

    895f668cf5e15e30971ef536e0862cd44a930d723021414cd931cb7c6cb49ad3

  • SHA512

    eda1597c70ad27844117dac6a54df4701e00909dc86d5f725e6a4fd56c243a25199483b842122dfdd919606947f1b5db1eb498da1697192ff66e4c74b5a255bd
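
The report lists four digests of the same 724KB file, and any one of them is enough to match the sample against a suspect file. The script below is an added example, not part of the sandbox report or its tooling: it hashes a local file in a single pass with all four algorithms and compares the results with exactly the values above. The file path is whatever you pass on the command line; nothing else is assumed.

```python
import hashlib
import sys

# Hashes of the sample exactly as listed in the report (the "Target" field is the SHA256).
REPORT_HASHES = {
    "md5": "d66332cc0cdd62be9caced615aa1ced1",
    "sha1": "5ed1c9bcd950dd871c7d8eade9e64c7ce8596772",
    "sha256": "895f668cf5e15e30971ef536e0862cd44a930d723021414cd931cb7c6cb49ad3",
    "sha512": "eda1597c70ad27844117dac6a54df4701e00909dc86d5f725e6a4fd56c243a25199483b842122dfdd919606947f1b5db1eb498da1697192ff66e4c74b5a255bd",
}


def digests(chunks):
    """Compute all four digests in one pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path, chunk_size=1 << 20):
    """Hash a file without reading it into memory at once (samples can be large)."""
    with open(path, "rb") as f:
        return digests(iter(lambda: f.read(chunk_size), b""))


def compare(found, expected=REPORT_HASHES):
    """Per-algorithm verdict. All four must agree: a partial match means an IOC was
    mistyped or truncated somewhere, not that the file is 'nearly' the sample."""
    return {name: found[name].lower() == expected[name].lower() for name in expected}


def is_report_sample(found, expected=REPORT_HASHES):
    return all(compare(found, expected).values())


if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        print(path, "MATCH" if is_report_sample(d) else "no match", compare(d))
```

Run it as `python check_sample.py suspect.exe`. Because the digests are computed over the same bytes in one pass, a mismatch on one algorithm while the others match points at a copy error in the IOC list rather than at the file.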

Malware Config

Targets

    • Target

      895f668cf5e15e30971ef536e0862cd44a930d723021414cd931cb7c6cb49ad3

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of malware that displays fake infection alerts to scare the user into paying for, or installing, a bogus security product.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU cryptocurrency miner (primarily for Monero). The miner itself is legitimate software; a sample that bundles it is mining on the victim's hardware without consent.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry (Image File Execution Options; a Debugger value under a program's IFEO key redirects every launch of that program, which is a common way to hijack or silently disable a security tool)

    • Loads dropped DLL

    • Adds Run key to start application (autostart persistence under HKLM or HKCU \Software\Microsoft\Windows\CurrentVersion\Run)

    • Drops file in System32 directory
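
Two of the behaviours above, the Run-key autostart and the Image File Execution Options write, leave marks that can be checked offline from a registry export. The script below is an added example, not code from the report or the sandbox: it parses a `.reg` export and flags Run/RunOnce entries whose executable lives outside an assumed set of trusted directories, plus any IFEO subkey carrying a Debugger value. The `.reg` text is constructed here for illustration, and the directory allowlist is an assumption of the example. Note the caveat built into it: this sample also drops files into System32, so a path under a trusted directory only lowers priority; the file itself should still be hashed against the report's IOCs.

```python
import re

# Constructed .reg export (not from the report) with one benign Run entry, one Run entry
# pointing at a user-writable path, one IFEO Debugger hijack of a security process, and
# one harmless IFEO value, so that positive and negative cases are both exercised.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\Public\\svchost.exe\" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableExceptionChainValidation"=dword:00000000
'''

VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

RUN_KEYS = ("\\microsoft\\windows\\currentversion\\run",
            "\\microsoft\\windows\\currentversion\\runonce")
IFEO_KEY = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
# Assumed allowlist for a coarse first pass. The sample in this report drops into System32,
# so a path under one of these only lowers priority; it is not a clean verdict.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_reg(text):
    """Parse a .reg export into {key: {value_name: value}}; strings and dwords only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, s, d = m.groups()
            # .reg files escape backslash and double quote inside string values
            keys[current][name] = re.sub(r'\\(["\\])', r'\1', s) if s is not None else int(d, 16)
    return keys


def exe_path(cmd):
    """Executable path from a Run-key command line: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def findings(keys):
    """Return (kind, key, name, path) tuples for suspicious autostarts and IFEO debuggers."""
    out = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith(RUN_KEYS):
            for name, cmd in values.items():
                if isinstance(cmd, str):
                    path = exe_path(cmd)
                    if not path.lower().startswith(TRUSTED_DIRS):
                        out.append(("run_key_autostart", key, name, path))
        elif IFEO_KEY in k:
            # value names are case-insensitive in the registry
            dbg = next((v for n, v in values.items() if n.lower() == "debugger"), None)
            if dbg is not None:
                out.append(("ifeo_debugger", key, key.rsplit("\\", 1)[-1], dbg))
    return out


def scan_reg(text):
    return findings(parse_reg(text))


if __name__ == "__main__":
    for kind, key, name, path in scan_reg(SAMPLE_REG):
        print(f"{kind:18} {name:12} -> {path}   [{key}]")
```

On a live host the same export comes from `reg export HKLM\SOFTWARE\Microsoft\Windows hklm_windows.reg` and `reg export "HKLM\SOFTWARE\Microsoft\Windows NT" hklm_windows_nt.reg` (and the HKCU equivalents for the Run key), which `parse_reg` reads after conversion from UTF-16 to text. A hit on the IFEO Debugger check against an antivirus process name is the stronger signal of the two, since there is almost no legitimate reason for such a value to exist.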

MITRE ATT&CK Enterprise v6

Tasks