loaderbot

General

Target

edca4bfaa09985c54732f8a0d1023d6a3f8b6665e905ac82ec3f583c67a5c669
Size

2.9MB
Sample

220508-2mzt9acebk
MD5

012f0b24edc0229cde14c6ea38f25044
SHA1

ae5143c5744f9cd4d97b0df86911b6fcf740214e
SHA256

edca4bfaa09985c54732f8a0d1023d6a3f8b6665e905ac82ec3f583c67a5c669
SHA512

ff94a226ffdeda9ac2860cca28152d9e0367f39e61e152186b76292b479091dcb03503eb92f732b5dd25db1b873d9068e262cd0f7522bda8e7ba91c43a926c7e

Score

10^/10

Malware Config

Targets

- Target
  
  edca4bfaa09985c54732f8a0d1023d6a3f8b6665e905ac82ec3f583c67a5c669
- Size
  
  2.9MB
- MD5
  
  012f0b24edc0229cde14c6ea38f25044
- SHA1
  
  ae5143c5744f9cd4d97b0df86911b6fcf740214e
- SHA256
  
  edca4bfaa09985c54732f8a0d1023d6a3f8b6665e905ac82ec3f583c67a5c669
- SHA512
  
  ff94a226ffdeda9ac2860cca28152d9e0367f39e61e152186b76292b479091dcb03503eb92f732b5dd25db1b873d9068e262cd0f7522bda8e7ba91c43a926c7e
Score

10^/10

loaderbot loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- LoaderBot executable
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Stratum cryptominer command

LoaderBot executable

Executes dropped EXE

Checks computer location settings

Cryptocurrency Miner

Drops startup file

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2