General

  • Target

    354bf7f1899b9c1eec5cd0f24b75520ef811c12f22ad5e66ce595efcd26aea07

  • Size

    14.3MB

  • Sample

    220511-275k8scef4

  • MD5

    8f604408532bc298c12de77e77d67652

  • SHA1

    b16d5cae22bd5af1919c107ff5c5786a1a8dfdf0

  • SHA256

    354bf7f1899b9c1eec5cd0f24b75520ef811c12f22ad5e66ce595efcd26aea07

  • SHA512

    cb0f3e11060630afd3ac597385652706fac40e683ddf0d4c2328dd2bc267e8e5f8426d1ea744e70f062e9a9ca489311735deca78394d312381b5136a5838d9fc

Targets

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

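The behavioural signatures listed above are what a sandbox derives from the sample's API, file and registry activity. The following is an added example, not Triage's own rule code, that re-implements each of them as a rule over a simplified, constructed event trace (the event schema and the sample events are invented for the example; the registry key `HKCU\Control Panel\International\Geo\Nation` is my assumption for what "country code configured in the registry" refers to). The SetThreadContext rule fires only on the classic hollowing pattern: a child created suspended, written to with WriteProcessMemory, then SetThreadContext from the parent.

```python
"""Sandbox-style behavioural rules over a constructed event trace (example code)."""
import re
from typing import Dict, List

# Constructed sample trace, in time order. Each event is a dict; the schema is
# invented for this example and is not the format of any real sandbox.
TRACE = [
    {"type": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "file_write", "pid": 100,
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    # Assumption: the GeoID lives under this key; the report only says "country code in the registry".
    {"type": "reg_query", "pid": 100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_set", "pid": 100, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 100, "child_pid": 200,
     "image": r"C:\Users\u\AppData\Local\Temp\svc.exe", "flags": ["CREATE_SUSPENDED"]},
    {"type": "image_load", "pid": 200, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "api", "pid": 100, "name": "WriteProcessMemory", "target_pid": 200},
    {"type": "api", "pid": 100, "name": "SetThreadContext", "target_pid": 200},
    {"type": "api", "pid": 100, "name": "ResumeThread", "target_pid": 200},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\International\\Geo\\Nation$", re.IGNORECASE)


def run_rules(trace: List[dict]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for every rule that fires on the trace."""
    hits: Dict[str, List[str]] = {}

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    dropped = set()     # lower-cased paths the sandboxed processes have written so far
    suspended = set()   # child pids created with CREATE_SUSPENDED
    written_to = set()  # pids that received a WriteProcessMemory from another process

    for ev in trace:
        t = ev["type"]
        if t == "file_write":
            path = ev["path"]
            dropped.add(path.lower())
            if STARTUP_DIR_RE.search(path):
                hit("Drops startup file", path)
        elif t == "process_create":
            # "Executes dropped EXE": the new process image was written earlier in this trace.
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", ev["image"])
            if "CREATE_SUSPENDED" in ev.get("flags", []):
                suspended.add(ev["child_pid"])
        elif t == "image_load":
            if ev["path"].lower() in dropped:
                hit("Loads dropped DLL", ev["path"])
        elif t == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):
                hit("Adds Run key to start application", f"{ev['key']}\\{ev['value']} = {ev['data']}")
        elif t == "reg_query":
            if GEO_KEY_RE.search(ev["key"]):
                hit("Checks computer location settings", ev["key"])
        elif t == "api":
            tgt = ev.get("target_pid")
            if ev["name"] == "WriteProcessMemory" and tgt is not None and tgt != ev["pid"]:
                written_to.add(tgt)
            # Cross-process SetThreadContext on a suspended child that was already written to
            # is the hollowing / injection pattern; SetThreadContext on its own thread is benign.
            if (ev["name"] == "SetThreadContext" and tgt is not None and tgt != ev["pid"]
                    and tgt in suspended and tgt in written_to):
                hit("Suspicious use of SetThreadContext",
                    f"pid {ev['pid']} -> suspended pid {tgt} after WriteProcessMemory")
    return hits


if __name__ == "__main__":
    for name, evidence in run_rules(TRACE).items():
        print(f"{name}: {evidence}")
```

Keyed on the order of events, the rules only fire when the supporting event (the file write, the suspended create, the memory write) happened first, which is what keeps "Executes dropped EXE" from matching a process whose image the sample merely touched later, and what keeps the SetThreadContext rule from firing on a process that adjusts its own thread context.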