General

  • Target

    c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19

  • Size

    4.5MB

  • Sample

    220508-tb58wsbce2

  • MD5

    5aef5a0d347b8c5d6b5d452cb854b250

  • SHA1

    e34bce7e0274a114fe8d047899d4cc8a76e7d309

  • SHA256

    c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19

  • SHA512

    88cc999f99c4265209e4a250ef24d8d8c786acd65282b952dbe989e9c76d0ff4feadf62220e58f1656ded97590672d16eeb7fbfb824f22015805385fbcc6a725

Malware Config

Targets

    • Target

      c93ffa5d3a9914e0dc9c50212983197285e0123108d42a747d82b52384c70a19

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • Detected Stratum cryptominer command

      Looks to be attempting to contact a Stratum mining pool.

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Cryptocurrency Miner

      Makes network request to known mining pool URL.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks