loaderbot | f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f

General

Target

f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f
Size

1.1MB
Sample

220524-cx3w8acdg6
MD5

35b94119f76089e8937496e6942fb9dd
SHA1

8cc1318e56d7f57ac2c1f62ebfffdd2ad68c4d7c
SHA256

f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f
SHA512

d899970fbb9dc843def051d03830cc76a27b9ea4fab9b4785eba901a45d85d1db91cfa2d7f2e7458a1353636a98d012842e831f34e6b2c7fc69e43d0db150348

Score

10^/10

Malware Config

Targets

- Target
  
  f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f
- Size
  
  1.1MB
- MD5
  
  35b94119f76089e8937496e6942fb9dd
- SHA1
  
  8cc1318e56d7f57ac2c1f62ebfffdd2ad68c4d7c
- SHA256
  
  f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f
- SHA512
  
  d899970fbb9dc843def051d03830cc76a27b9ea4fab9b4785eba901a45d85d1db91cfa2d7f2e7458a1353636a98d012842e831f34e6b2c7fc69e43d0db150348
Score

10^/10

xmrig miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Detected Stratum cryptominer command
  Looks to be attempting to contact Stratum mining pool.
  miner
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

xmrig

Detected Stratum cryptominer command

XMRig Miner Payload

Executes dropped EXE

Checks computer location settings

Cryptocurrency Miner

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2