loaderbot

General

Target

31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
Size

2.7MB
Sample

220621-akd18agef6
MD5

5af6f9cfc9e093a49b9120cfa4ad66f3
SHA1

75dab6481ac8d41fdb02d1c88bdc0636b68accea
SHA256

31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
SHA512

8340c80b61c18b06b3c8ae02b9e96df99ae77a40634679490ee0b7a6a597d73659808c66d64fe63aa3f48de52b9689519684ae27ab2cc668d6a26fbde32b4348
SSDEEP

49152:jvtmropObgS2oJCFm9V+Ce/+yunDu0HtUUknLq+Tam/yFbiE75J2FclF:Ttm+agS2oJJEGLu0wdTtsjF

Score

10^/10

Malware Config

Extracted

Family

loaderbot

C2

http://joskiyet.beget.tech/cmd.php

Targets

- Target
  
  31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
- Size
  
  2.7MB
- MD5
  
  5af6f9cfc9e093a49b9120cfa4ad66f3
- SHA1
  
  75dab6481ac8d41fdb02d1c88bdc0636b68accea
- SHA256
  
  31266b2b81192e3794cbbc3340545f10d57c4a327814cfdff35c1560de352c2e
- SHA512
  
  8340c80b61c18b06b3c8ae02b9e96df99ae77a40634679490ee0b7a6a597d73659808c66d64fe63aa3f48de52b9689519684ae27ab2cc668d6a26fbde32b4348
- SSDEEP
  
  49152:jvtmropObgS2oJCFm9V+Ce/+yunDu0HtUUknLq+Tam/yFbiE75J2FclF:Ttm+agS2oJJEGLu0wdTtsjF
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

xmrig

LoaderBot executable

XMRig Miner payload

Executes dropped EXE

Checks computer location settings

Cryptocurrency Miner

Drops startup file

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2