General

  • Target

    06abba83e0a6867c724d290a83a8fb884447822a9dc10eed02243a9141e38028

  • Size

    14.3MB

  • Sample

    220502-wkbfzsegck

  • MD5

    5e97343f1cbbe72316b2fe4c1113be27

  • SHA1

    1d6a1a4e9b23e8242bbd02809e1fe1765d6465cc

  • SHA256

    06abba83e0a6867c724d290a83a8fb884447822a9dc10eed02243a9141e38028

  • SHA512

    64f01e60f036da50edd7eabd3e0b6a6f2eca2e9cb5d34037edfb140d529b2b10ab43d7a057871cf6106475fd2c8650ad10c83e0ef0a8e3cc611f6ed2f953ede1
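Before working with a local copy of this sample, confirm it is the same file the report describes. The following is an added example, not code from the report or from the sandbox; it computes all four digests listed above in a single pass over the file (the 14.3MB sample is read in chunks) and returns the names of any that disagree. The file path `sample.bin` is an assumption; the expected values are the report's own.

```python
"""Added example, not part of the sandbox report: verify a local copy of the
sample against the digests in the report before analysing it. The sample
path is an assumption; the expected digests are copied from the report."""
import hashlib
import sys

# Expected digests, copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "5e97343f1cbbe72316b2fe4c1113be27",
    "sha1": "1d6a1a4e9b23e8242bbd02809e1fe1765d6465cc",
    "sha256": "06abba83e0a6867c724d290a83a8fb884447822a9dc10eed02243a9141e38028",
    "sha512": "64f01e60f036da50edd7eabd3e0b6a6f2eca2e9cb5d34037edfb140d529b2b10"
              "ab43d7a057871cf6106475fd2c8650ad10c83e0ef0a8e3cc611f6ed2f953ede1",
}


def digests(chunks):
    """Compute MD5, SHA1, SHA256 and SHA512 in one pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_chunks(path, size=1 << 20):
    """Yield a file in 1 MiB chunks so a multi-megabyte sample is never fully buffered."""
    with open(path, "rb") as f:
        while chunk := f.read(size):
            yield chunk


def verify(actual, expected):
    """Return the sorted names of digests that do not match (empty list means all match).

    Comparison is case-insensitive because reports and tools differ in hex casing.
    """
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


if __name__ == "__main__":
    # Assumed path; pass the real file as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.bin"
    mismatched = verify(digests(file_chunks(path)), REPORT_DIGESTS)
    print("OK: sample matches the report" if not mismatched
          else f"MISMATCH in: {', '.join(mismatched)}")
```

A single mismatching digest is enough to reject the file: analysis notes keyed to the report's SHA256 would otherwise be attached to a different binary.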

Malware Config

Targets

    • Target

      06abba83e0a6867c724d290a83a8fb884447822a9dc10eed02243a9141e38028

    • Size

      14.3MB

    • MD5

      5e97343f1cbbe72316b2fe4c1113be27

    • SHA1

      1d6a1a4e9b23e8242bbd02809e1fe1765d6465cc

    • SHA256

      06abba83e0a6867c724d290a83a8fb884447822a9dc10eed02243a9141e38028

    • SHA512

      64f01e60f036da50edd7eabd3e0b6a6f2eca2e9cb5d34037edfb140d529b2b10ab43d7a057871cf6106475fd2c8650ad10c83e0ef0a8e3cc611f6ed2f953ede1

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check used to avoid running in certain countries.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
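The signatures above describe the sample's behaviour at the level of registry, file, process and API events. As an added example, not code from the report or from the sandbox, the following maps a stream of such events onto the signature names listed above. The `Event` shape, the registry and file paths behind each signature (the `Control Panel\International\Geo` key for the location check, `CurrentVersion\Run` for the Run key, the `Start Menu\Programs\Startup` folder for the startup file) and the sample events are all assumptions constructed for illustration, not the sandbox's own rule set. "Dropped" is tracked by remembering every path the sample wrote, so an EXE or DLL only counts as dropped if a write to that path was seen first.

```python
"""Added example, not part of the sandbox report: classify sandbox-style
behaviour events into the signature names the report lists. The Event shape,
the registry/file paths and the sample events are constructed assumptions."""
import re
from dataclasses import dataclass

# Assumed locations behind each signature (illustrative, not the sandbox's rules).
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\", re.I)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
# Native and Win32 entry points that set another thread's register context.
THREAD_CONTEXT_APIS = {"setthreadcontext", "ntsetcontextthread", "wow64setthreadcontext"}


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str     # reg_read | reg_write | file_write | proc_create | load_image | api
    target: str   # registry path, file path, or API name


def classify(events):
    """Return {signature_name: [matching events]} in first-seen order."""
    hits = {}
    dropped = set()   # lower-cased paths this sample wrote, for the "dropped" checks

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        t = ev.target.lower()
        if ev.kind == "reg_read" and GEO_KEY_RE.search(t):
            hit("Checks computer location settings", ev)
        elif ev.kind == "reg_write" and RUN_KEY_RE.search(t):
            hit("Adds Run key to start application", ev)
        elif ev.kind == "file_write":
            dropped.add(t)
            if STARTUP_DIR_RE.search(t):
                hit("Drops startup file", ev)
        elif ev.kind == "proc_create" and t in dropped and t.endswith(".exe"):
            hit("Executes dropped EXE", ev)
        elif ev.kind == "load_image" and t in dropped and t.endswith(".dll"):
            hit("Loads dropped DLL", ev)
        elif ev.kind == "api" and t in THREAD_CONTEXT_APIS:
            hit("Suspicious use of SetThreadContext", ev)
    return hits


# Constructed sample trace (not captured from the real sample).
SAMPLE_EVENTS = [
    Event(1000, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1000, "reg_read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event(1000, "file_write", r"C:\Users\user\AppData\Roaming\svc\miner.exe"),
    Event(1000, "file_write", r"C:\Users\user\AppData\Roaming\svc\helper.dll"),
    Event(1000, "proc_create", r"C:\Users\user\AppData\Roaming\svc\miner.exe"),
    Event(1000, "load_image", r"C:\Users\user\AppData\Roaming\svc\helper.dll"),
    Event(1000, "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event(1000, "file_write",
          r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"),
    Event(1000, "api", "SetThreadContext"),
]

if __name__ == "__main__":
    for name, evs in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {[e.target for e in evs]}")
```

The benign `ProductName` read in the constructed trace is deliberately left unmatched: a location check fires only on the `Geo` key, and a process launch only counts as "Executes dropped EXE" when the same trace already contains a write to that path.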

MITRE ATT&CK Enterprise v6

Tasks