loaderbot | 19561969de9f77cf014c808177cbc5113576d07573d16706226e32c2277374b7 | Triage

Submit
Reports

Overview

overview

Static

static

F53A85E706...47.exe

windows7-x64

F53A85E706...47.exe

windows10-2004-x64

Sharing

General

Target

F53A85E706B1BF9D2C496436CB3B8047.exe
Size

4.0MB
Sample

221130-tgadeagh3t
MD5

f53a85e706b1bf9d2c496436cb3b8047
SHA1

031de0ff90f329b9c2c0ac7eb1810f798bd06f77
SHA256

19561969de9f77cf014c808177cbc5113576d07573d16706226e32c2277374b7
SHA512

3c01f2aa1718f0cccda3e38c4dee76178b7cd13fde3dde5c8de724b8dc94d157ebb65d9e904a29a00d7de97140cedebdf7db3557e4c38674a4c9af4032ca70dc
SSDEEP

98304:w/yQCRfeF3sI6cXEJgw+MC23YMCXlO/f9t3m:wqHRfw3sI6WILrCwHX

Score

10^/10

loaderbot xmrig loader miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

F53A85E706B1BF9D2C496436CB3B8047.exe

Resource

win7-20221111-en

loaderbot xmrig loader miner persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

F53A85E706B1BF9D2C496436CB3B8047.exe

Resource

win10v2004-20221111-en

loaderbot xmrig loader miner persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

loaderbot

C2

http://alexxmn6.beget.tech/cmd.php

Targets

- Target
  
  F53A85E706B1BF9D2C496436CB3B8047.exe
- Size
  
  4.0MB
- MD5
  
  f53a85e706b1bf9d2c496436cb3b8047
- SHA1
  
  031de0ff90f329b9c2c0ac7eb1810f798bd06f77
- SHA256
  
  19561969de9f77cf014c808177cbc5113576d07573d16706226e32c2277374b7
- SHA512
  
  3c01f2aa1718f0cccda3e38c4dee76178b7cd13fde3dde5c8de724b8dc94d157ebb65d9e904a29a00d7de97140cedebdf7db3557e4c38674a4c9af4032ca70dc
- SSDEEP
  
  98304:w/yQCRfeF3sI6cXEJgw+MC23YMCXlO/f9t3m:wqHRfw3sI6WILrCwHX
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

loaderbotxmrigloaderminerpersistence

behavioral2

loaderbotxmrigloaderminerpersistence

© 2018-2024

Terms | Privacy