loaderbot | fd76e8e1f0c3261b50f20fa921b782df82544255d34bc9e21f0bb8beaf31bc12 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7_x64

tmp.exe

windows10-2004_x64

Sharing

General

Target

tmp
Size

11.1MB
Sample

220409-27t5haeac9
MD5

a1188df640d34bda4872725259e7745e
SHA1

4a87bacdf63c6dc8dbef467bc735d3165b9051fe
SHA256

fd76e8e1f0c3261b50f20fa921b782df82544255d34bc9e21f0bb8beaf31bc12
SHA512

353ef676f8743249b9b2923ac9d9f31e6fb6173b9f2c2487e4215bc68c085582998d3c36d736f3b4575799e097f4fc8fc568ac1399bcd49e62fd2ebf1d753f22

Score

10^/10

loaderbot loader miner persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220331-en

loaderbot loader miner persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-en-20220113

loaderbot loader miner persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  11.1MB
- MD5
  
  a1188df640d34bda4872725259e7745e
- SHA1
  
  4a87bacdf63c6dc8dbef467bc735d3165b9051fe
- SHA256
  
  fd76e8e1f0c3261b50f20fa921b782df82544255d34bc9e21f0bb8beaf31bc12
- SHA512
  
  353ef676f8743249b9b2923ac9d9f31e6fb6173b9f2c2487e4215bc68c085582998d3c36d736f3b4575799e097f4fc8fc568ac1399bcd49e62fd2ebf1d753f22
Score

10^/10

loaderbot loader miner persistence spyware stealer
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- LoaderBot executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

loaderbotloaderminerpersistencespywarestealer

behavioral2

loaderbotloaderminerpersistencespywarestealer

© 2018-2025

Terms | Privacy