General
- Target: 1754d64016c758a65cb85df328ffd502a7255a6855d976e3bdeb497f95201848
- Size: 663KB
- Sample: 220608-z6yeeshgdp
- MD5: 259716fa526d79543988edace76417a7
- SHA1: d932ebd91d7ce77bb7be00abbb308c1cb3961d2b
- SHA256: 1754d64016c758a65cb85df328ffd502a7255a6855d976e3bdeb497f95201848
- SHA512: e639e7c73f8e78f1cc01801673245c303943195f2d39aa0da00104bfba4c69dfaea35d733824f73776beb8691421c207f8e314609942ff502f7c2c52377b5820
- SSDEEP: 12288:HPSEujS44WCfXXQIhA+NlM5Chr9rNLP1PCZK099CAYVZ:HMS4/0Xvh/lM54N7CZKC9CBz
Static task: static1
Behavioral task: behavioral1
- Sample: 1754d64016c758a65cb85df328ffd502a7255a6855d976e3bdeb497f95201848.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: loaderbot
- C2 URL: http://179.43.147.227/mine/cmd.php
Targets
- Target: 1754d64016c758a65cb85df328ffd502a7255a6855d976e3bdeb497f95201848
- Size: 663KB
- suricata: ET MALWARE CerberTear Ransomware CnC Checkin
- LoaderBot executable
- XMRig Miner payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext