Overview

overview

10

Static

static

10

e25fc11ebb...31.exe

windows7_x64

10

e25fc11ebb...31.exe

windows10_x64

10

Resubmissions

25-06-2021 20:04

210625-ntbn6nn8gs 10

15-05-2021 08:01

210515-sf5yakr77j 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e25fc11ebbd8f03cdcd134eff82b837635e5d541bf6fc816db372f624136b031

  • Size

    724KB

  • Sample

    210625-ntbn6nn8gs

  • MD5

    3f386186f09c290c5037208543952e20

  • SHA1

    8d95f25d5618fe35f48d00f5ce1f1fc74b147d1d

  • SHA256

    e25fc11ebbd8f03cdcd134eff82b837635e5d541bf6fc816db372f624136b031

  • SHA512

    90fcbefeca4056f655368bdbe8167a8ce8030cf51895ac91527a1f13f0e1aec8f4847ad4bbf5751d1eb0fd8ac0397d5ed7995066e72b6f41b2079ee72157a54b

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      e25fc11ebbd8f03cdcd134eff82b837635e5d541bf6fc816db372f624136b031

    • Size

      724KB

    • MD5

      3f386186f09c290c5037208543952e20

    • SHA1

      8d95f25d5618fe35f48d00f5ce1f1fc74b147d1d

    • SHA256

      e25fc11ebbd8f03cdcd134eff82b837635e5d541bf6fc816db372f624136b031

    • SHA512

      90fcbefeca4056f655368bdbe8167a8ce8030cf51895ac91527a1f13f0e1aec8f4847ad4bbf5751d1eb0fd8ac0397d5ed7995066e72b6f41b2079ee72157a54b

    Score
    10/10
    fakeavxmrigfakeavminerpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks