loaderbot | 71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553
Size

4.2MB
Sample

221220-vdez6aad57
MD5

3c10a82315dff77af1026ebc85817d56
SHA1

059d5ddf72fa0a37f83f7d57c069fec9461f2611
SHA256

71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553
SHA512

7f25dfbd926394d903a158f7345850f7cb7329b5afef5501e2a91623ea6833c2642db89550d02169ef1cc2458be30f19c2dc673f7747ac185c733ffcd92a614c
SSDEEP

98304:Dg2UKMx7bVNlh4DzS3Sj9SbG80ojiDf7fNinIRx//3LtTs4z0izea4JJVy1s+BJ:Dg2UNbV7hV3KSSlJT/PLtN0iya4Jjy1T

Score

10^/10

loaderbot xmrig loader miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553.exe

Resource

win10v2004-20221111-en

loaderbot xmrig loader miner persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

loaderbot

C2

http://mrmax4td.beget.tech/cmd.php

Targets

- Target
  
  71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553
- Size
  
  4.2MB
- MD5
  
  3c10a82315dff77af1026ebc85817d56
- SHA1
  
  059d5ddf72fa0a37f83f7d57c069fec9461f2611
- SHA256
  
  71f47605360c60769050baadca0a2591c034509e0264fab25fd772a6a67d9553
- SHA512
  
  7f25dfbd926394d903a158f7345850f7cb7329b5afef5501e2a91623ea6833c2642db89550d02169ef1cc2458be30f19c2dc673f7747ac185c733ffcd92a614c
- SSDEEP
  
  98304:Dg2UKMx7bVNlh4DzS3Sj9SbG80ojiDf7fNinIRx//3LtTs4z0izea4JJVy1s+BJ:Dg2UNbV7hV3KSSlJT/PLtN0iya4Jjy1T
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

loaderbotxmrigloaderminerpersistence

© 2018-2025

Terms | Privacy