Extracted

• • Target

    F53A85E706B1BF9D2C496436CB3B8047.exe

  • Size

    4.0MB

  • MD5

    f53a85e706b1bf9d2c496436cb3b8047

  • SHA1

    031de0ff90f329b9c2c0ac7eb1810f798bd06f77

  • SHA256

    19561969de9f77cf014c808177cbc5113576d07573d16706226e32c2277374b7

  • SHA512

    3c01f2aa1718f0cccda3e38c4dee76178b7cd13fde3dde5c8de724b8dc94d157ebb65d9e904a29a00d7de97140cedebdf7db3557e4c38674a4c9af4032ca70dc

  • SSDEEP

    98304:w/yQCRfeF3sI6cXEJgw+MC23YMCXlO/f9t3m:wqHRfw3sI6WILrCwHX

  Score

  10^/10

  loaderbotxmrigloaderminerpersistence

  • LoaderBot

    LoaderBot is a loader written in .NET downloading and executing miners.

    loaderminerloaderbot

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • LoaderBot executable

  • XMRig Miner payload

    miner

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2