loaderbot | 956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2 | Triage

Submit
Reports

Overview

overview

Static

static

956ed3d656...b2.exe

windows7_x64

956ed3d656...b2.exe

windows10-2004_x64

Sharing

General

Target

956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2
Size

5.2MB
Sample

220418-ydqy7sdack
MD5

9b23553f7d72ad29c16700674f7ec980
SHA1

95430ab8181b01887fee0f3091e00cdad4fa8a07
SHA256

956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2
SHA512

bc5f818d7209dc5ad37669d10568c496ad59a1d5ea65c937fbccc47f2f6aa56a872f6f0feaeae8d246b0e17a75326efd5c07844ba727755cf6f33f983841c94a

Score

10^/10

loaderbot loader miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2.exe

Resource

win7-20220414-en

loaderbot loader miner persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2.exe

Resource

win10v2004-20220414-en

loaderbot loader miner persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2
- Size
  
  5.2MB
- MD5
  
  9b23553f7d72ad29c16700674f7ec980
- SHA1
  
  95430ab8181b01887fee0f3091e00cdad4fa8a07
- SHA256
  
  956ed3d65647e3c2ef5d8d2c765cc5b6af731fc921572a1a52cbff17e40bacb2
- SHA512
  
  bc5f818d7209dc5ad37669d10568c496ad59a1d5ea65c937fbccc47f2f6aa56a872f6f0feaeae8d246b0e17a75326efd5c07844ba727755cf6f33f983841c94a
Score

10^/10

loaderbot loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- LoaderBot executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

loaderbotloaderminerpersistence

behavioral2

loaderbotloaderminerpersistence

© 2018-2025

Terms | Privacy