General

  • Target

    c655f0c24956126ca407b915263187cc9a14433d8b8a5f60d553f26497cc9ed0

  • Size

    3.3MB

  • Sample

    220524-wv2e6agfbn

  • MD5

    8607ba047abf1a8403746257cf1a89a8

  • SHA1

    8618fb75f0ce49be1bd8443670bf5d211cbc36ea

  • SHA256

    c655f0c24956126ca407b915263187cc9a14433d8b8a5f60d553f26497cc9ed0

  • SHA512

    62fb47cfd5e6428cb88c16234bf870485396b08c0be6411aeace6a23de63609348790dafc81154bc11dfbe7870849a30618f01af9c55db6f4259dca3e74d3dc4

Malware Config

Targets

    • Target

      c655f0c24956126ca407b915263187cc9a14433d8b8a5f60d553f26497cc9ed0

    • Size

      3.3MB

    • MD5

      8607ba047abf1a8403746257cf1a89a8

    • SHA1

      8618fb75f0ce49be1bd8443670bf5d211cbc36ea

    • SHA256

      c655f0c24956126ca407b915263187cc9a14433d8b8a5f60d553f26497cc9ed0

    • SHA512

      62fb47cfd5e6428cb88c16234bf870485396b08c0be6411aeace6a23de63609348790dafc81154bc11dfbe7870849a30618f01af9c55db6f4259dca3e74d3dc4

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Outside a debugger it is most often used to point a suspended thread at injected code (process hollowing or thread hijacking), which is why the sandbox flags it.
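The behaviours above are all things a responder can verify on a suspect host. The script below is an added example, not code from the sandbox page and not part of LoaderBot: it confirms whether a file is this report's sample by its listed hashes, reads the same country setting the "Checks computer location settings" signature refers to, and enumerates Run/RunOnce keys and Startup folders, flagging any entry whose file hashes to the sample. The registry and folder paths are the standard Windows locations; the executable-extraction helper is a heuristic of my own; SetThreadContext use is not covered because it needs an API-monitoring or memory view rather than a disk check.

```powershell
# Host-side triage for the behaviours listed in this report. Added example; not
# the sandbox's code and not LoaderBot's. Paths are the standard Windows
# locations; the expected hashes are the ones given in the report's General section.

# Digests from the report (lowercase hex), keyed by Get-FileHash algorithm name.
$ReportHashes = @{
    MD5    = '8607ba047abf1a8403746257cf1a89a8'
    SHA1   = '8618fb75f0ce49be1bd8443670bf5d211cbc36ea'
    SHA256 = 'c655f0c24956126ca407b915263187cc9a14433d8b8a5f60d553f26497cc9ed0'
    SHA512 = '62fb47cfd5e6428cb88c16234bf870485396b08c0be6411aeace6a23de63609348790dafc81154bc11dfbe7870849a30618f01af9c55db6f4259dca3e74d3dc4'
}

# True only if every listed digest of $Path matches the report.
function Test-IsReportSample {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($alg in $ReportHashes.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
        if ($actual -ne $ReportHashes[$alg]) { return $false }
    }
    return $true
}

# "Checks computer location settings": the configured country lives under
# HKCU:\Control Panel\International\Geo. Nation is the numeric GeoID (244 = US);
# Name is the ISO code and is only present on Windows 10 and later.
function Get-ConfiguredCountry {
    $geo = Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ GeoId = $geo.Nation; Name = $geo.Name }
}

# "Adds Run key to start application": enumerate Run/RunOnce for the current
# user and the machine, including the WOW6432Node view on 64-bit hosts.
function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $item = Get-Item -LiteralPath $k
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

# "Drops startup file": list the per-user and all-users Startup folders.
function Get-StartupFolderEntries {
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path -LiteralPath $path)) {
            Get-ChildItem -LiteralPath $path -Force -File
        }
    }
}

# Heuristic (my own, not from the report): pull the executable out of a Run-key
# command line, either the quoted path or the first whitespace-delimited token.
function Get-CommandExecutable {
    param([string]$Command)
    $Command = $Command.Trim()
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

# Run the checks and flag any persistence entry whose file is the report's sample.
$country = Get-ConfiguredCountry
'Configured country: GeoID {0} ({1})' -f $country.GeoId, $country.Name

$candidates = @()
foreach ($e in Get-RunKeyEntries) {
    $candidates += [pscustomobject]@{ Source = "$($e.Key)\$($e.Name)"; Path = (Get-CommandExecutable $e.Command) }
}
foreach ($f in Get-StartupFolderEntries) {
    $candidates += [pscustomobject]@{ Source = 'Startup folder'; Path = $f.FullName }
}

foreach ($c in $candidates) {
    if (-not (Test-Path -LiteralPath $c.Path)) {
        $status = 'missing'
    } elseif (Test-IsReportSample -Path $c.Path) {
        $status = 'MATCHES REPORT SAMPLE'
    } else {
        $status = 'other'
    }
    '{0,-22} {1}  <- {2}' -f $status, $c.Path, $c.Source
}
```

Run it in an elevated session on the suspect host so the HKLM keys and the all-users Startup folder are readable. Startup-folder entries are often .lnk shortcuts rather than the executable itself, so a "other" result there means resolve the shortcut target before concluding the sample is absent; a "missing" Run entry is itself worth noting, since a loader that has already been cleaned up still leaves its persistence value behind.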

MITRE ATT&CK Enterprise v6

Tasks