General
-
Target
49ac7233602bbdc3f70f9b5f68cc99a1e79768013f3abcc68a594da4aee873f0
-
Size
2.8MB
-
Sample
220701-g8wphafhdm
-
MD5
fd6c40dbd747bdce483fd0e8d36912fe
-
SHA1
596cecba374b8ff52c06eac846853537860b8aeb
-
SHA256
49ac7233602bbdc3f70f9b5f68cc99a1e79768013f3abcc68a594da4aee873f0
-
SHA512
c86284ac889facde7f5ec11901ec7d7a48a275e739e6b8985e5b0a0bab5a98b13c31fd2382429f365cb3e27c432e37b8404bf63c76bfc255c215210e656e4fd5
Malware Config
Targets
-
-
Target
49ac7233602bbdc3f70f9b5f68cc99a1e79768013f3abcc68a594da4aee873f0
-
Size
2.8MB
-
MD5
fd6c40dbd747bdce483fd0e8d36912fe
-
SHA1
596cecba374b8ff52c06eac846853537860b8aeb
-
SHA256
49ac7233602bbdc3f70f9b5f68cc99a1e79768013f3abcc68a594da4aee873f0
-
SHA512
c86284ac889facde7f5ec11901ec7d7a48a275e739e6b8985e5b0a0bab5a98b13c31fd2382429f365cb3e27c432e37b8404bf63c76bfc255c215210e656e4fd5
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
suricata: ET MALWARE CerberTear Ransomware CnC Checkin
suricata: ET MALWARE CerberTear Ransomware CnC Checkin
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
LoaderBot executable
-
XMRig Miner Payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-