General
-
Target
9c1239bb4fe8eec6acbe9c05ffccfcb21b80a8d47f4dc450dd397a8ad929a0f5
-
Size
3.2MB
-
Sample
220327-1mw8padcg8
-
MD5
97c8be4ed9625e74a216dfb8d19d324c
-
SHA1
f52348e8024c80003fe1d8b9472c0e0f7faa1afc
-
SHA256
9c1239bb4fe8eec6acbe9c05ffccfcb21b80a8d47f4dc450dd397a8ad929a0f5
-
SHA512
ae01815e0b3facdccd8f122afb7123e3e2b6e64c0d353744426794ef47823beda4e51dfab4f0553e3197f880a3afecac9860d4d3074928bb12465d0d492db970
Malware Config
Targets
-
-
Target
9c1239bb4fe8eec6acbe9c05ffccfcb21b80a8d47f4dc450dd397a8ad929a0f5
-
Size
3.2MB
-
MD5
97c8be4ed9625e74a216dfb8d19d324c
-
SHA1
f52348e8024c80003fe1d8b9472c0e0f7faa1afc
-
SHA256
9c1239bb4fe8eec6acbe9c05ffccfcb21b80a8d47f4dc450dd397a8ad929a0f5
-
SHA512
ae01815e0b3facdccd8f122afb7123e3e2b6e64c0d353744426794ef47823beda4e51dfab4f0553e3197f880a3afecac9860d4d3074928bb12465d0d492db970
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
Detected Stratum cryptominer command
Looks to be attempting to contact Stratum mining pool.
-
LoaderBot executable
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Cryptocurrency Miner
Makes network request to known mining pool URL.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-