General
-
Target
31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
-
Size
2.7MB
-
Sample
220621-akd18agef6
-
MD5
5af6f9cfc9e093a49b9120cfa4ad66f3
-
SHA1
75dab6481ac8d41fdb02d1c88bdc0636b68accea
-
SHA256
31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
-
SHA512
8340c80b61c18b06b3c8ae02b9e96df99ae77a40634679490ee0b7a6a597d73659808c66d64fe63aa3f48de52b9689519684ae27ab2cc668d6a26fbde32b4348
Malware Config
Targets
-
-
Target
31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
-
Size
2.7MB
-
MD5
5af6f9cfc9e093a49b9120cfa4ad66f3
-
SHA1
75dab6481ac8d41fdb02d1c88bdc0636b68accea
-
SHA256
31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
-
SHA512
8340c80b61c18b06b3c8ae02b9e96df99ae77a40634679490ee0b7a6a597d73659808c66d64fe63aa3f48de52b9689519684ae27ab2cc668d6a26fbde32b4348
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Detected Stratum cryptominer command
Looks to be attempting to contact Stratum mining pool.
-
LoaderBot executable
-
XMRig Miner Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Cryptocurrency Miner
Makes network request to known mining pool URL.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-