loaderbot

General

Target

db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820
Size

1.6MB
Sample

220314-b4hn7adfdj
MD5

4017606e11e4713b64376e2370e2af1b
SHA1

008767b820c9b20f1f372649c037529b5639c163
SHA256

db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820
SHA512

0892083dc4d8c4e0678575a50fec988128fc4cb6cf9406557abab6283c04ed38e37d04b16c0acf3321a2c584c782a48295031dd395008de6e8c6c93cec3e0715

Score

10^/10

Malware Config

Targets

- Target
  
  db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820
- Size
  
  1.6MB
- MD5
  
  4017606e11e4713b64376e2370e2af1b
- SHA1
  
  008767b820c9b20f1f372649c037529b5639c163
- SHA256
  
  db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820
- SHA512
  
  0892083dc4d8c4e0678575a50fec988128fc4cb6cf9406557abab6283c04ed38e37d04b16c0acf3321a2c584c782a48295031dd395008de6e8c6c93cec3e0715
Score

10^/10

loaderbot discovery loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- LoaderBot executable
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Stratum cryptominer command

LoaderBot executable

Nirsoft

Executes dropped EXE

Checks computer location settings

Cryptocurrency Miner

Drops startup file

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2