Overview

overview

10

Static

static

3

full_min_cr.exe

windows7-x64

1

full_min_cr.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    full_min_cr.exe

  • Size

    2.7MB

  • Sample

    230630-n87kbsah7x

  • MD5

    e7bf9f0c2c1977ddd8e139c13c27be0d

  • SHA1

    e91aff3d9a8c7cef0e9543350864971e4ad93f82

  • SHA256

    a615a2c647bce3b67f43c818a7fd972a653a605efce83b7eb6f38fb374ec8eba

  • SHA512

    d9961824b178944aec2411c1bb29a5ef4b487ce0c251fe381e2841c6abe00f29ecf895ab1baf93e49442af07a14acdcf9d882519d39beb5c4d4902db2db2560f

  • SSDEEP

    49152:552sxwTr/VsoJteujcnqNwelN/z52r7zj9n0cqv/3SYd:55jxa3JteujcncNNQzj9hqXCY

Score
10/10
loaderbotxmrigloaderminerpersistence

Malware Config

Targets

    • Target

      full_min_cr.exe

    • Size

      2.7MB

    • MD5

      e7bf9f0c2c1977ddd8e139c13c27be0d

    • SHA1

      e91aff3d9a8c7cef0e9543350864971e4ad93f82

    • SHA256

      a615a2c647bce3b67f43c818a7fd972a653a605efce83b7eb6f38fb374ec8eba

    • SHA512

      d9961824b178944aec2411c1bb29a5ef4b487ce0c251fe381e2841c6abe00f29ecf895ab1baf93e49442af07a14acdcf9d882519d39beb5c4d4902db2db2560f

    • SSDEEP

      49152:552sxwTr/VsoJteujcnqNwelN/z52r7zj9n0cqv/3SYd:55jxa3JteujcncNNQzj9hqXCY

    Score
    10/10
    loaderbotxmrigloaderminerpersistence

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

      loaderminerloaderbot

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • LoaderBot executable

    • XMRig Miner payload

      miner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks