Overview

overview

10

Static

static

3

wdagad.exe

windows7-x64

10

wdagad.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wdagad.exe

  • Size

    2.1MB

  • Sample

    230630-n89dxsah8w

  • MD5

    79931719ae9c21e1d8c5f1a419e85f71

  • SHA1

    d4c5bdc3d4a0f2e9ca5f6e9407b837dea75c8edd

  • SHA256

    f1e4bb232f6e5e0bcfb68627aea7b09b114e8f6d15a57a6e2e938db455d768bb

  • SHA512

    e71ee3950f025f4aa0727a52b4493d9c57671bd73b3ae9309983229071c1812d2b9801067a0e80fa04dddc5e13e3dfdb223f07c75ab7757f296f79db7bad986f

  • SSDEEP

    49152:ABRj0wlUtbZqxNwv6MitufUjzmTL7oG34n0FBhlT:at0wlUxgGqzULEGgi

Score
10/10
loaderbotxmrigloaderminerpersistence

Malware Config

Targets

    • Target

      wdagad.exe

    • Size

      2.1MB

    • MD5

      79931719ae9c21e1d8c5f1a419e85f71

    • SHA1

      d4c5bdc3d4a0f2e9ca5f6e9407b837dea75c8edd

    • SHA256

      f1e4bb232f6e5e0bcfb68627aea7b09b114e8f6d15a57a6e2e938db455d768bb

    • SHA512

      e71ee3950f025f4aa0727a52b4493d9c57671bd73b3ae9309983229071c1812d2b9801067a0e80fa04dddc5e13e3dfdb223f07c75ab7757f296f79db7bad986f

    • SSDEEP

      49152:ABRj0wlUtbZqxNwv6MitufUjzmTL7oG34n0FBhlT:at0wlUxgGqzULEGgi

    Score
    10/10
    loaderbotxmrigloaderminerpersistence

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

      loaderminerloaderbot

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • LoaderBot executable

    • XMRig Miner payload

      miner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks