loaderbot | 3a662fa4c1c6b1b2e4ee8ae6ef9f6c3e8d0c9c19644a8cab9f8b5ec803614bc8 | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...90.exe

windows7-x64

0x00080000...90.exe

windows10-2004-x64

Sharing

General

Target

0x000800000001628c-90.dat
Size

4.0MB
Sample

230727-rmgcssfc36
MD5

d0cc6d35827351c327a72dbd86542d2f
SHA1

ebd3d0bf770e05e0f93c4241e7169d39cc86e5fd
SHA256

3a662fa4c1c6b1b2e4ee8ae6ef9f6c3e8d0c9c19644a8cab9f8b5ec803614bc8
SHA512

7c10261f20ededeaf1c1df7609040d91affbfcc2b7a2b2d7ef88d78c66efd1767e1c9c79fbcc5889e397d078337c40ab902088c99e20fc6258695103fed56ea4
SSDEEP

49152:ZNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:PzP88fBsnZTgOtqB3m1RC3

Score

10^/10

loaderbot xmrig loader miner persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0x000800000001628c-90.exe

Resource

win7-20230712-en

loaderbot xmrig loader miner persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000800000001628c-90.exe

Resource

win10v2004-20230703-en

loaderbot xmrig loader miner persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  0x000800000001628c-90.dat
- Size
  
  4.0MB
- MD5
  
  d0cc6d35827351c327a72dbd86542d2f
- SHA1
  
  ebd3d0bf770e05e0f93c4241e7169d39cc86e5fd
- SHA256
  
  3a662fa4c1c6b1b2e4ee8ae6ef9f6c3e8d0c9c19644a8cab9f8b5ec803614bc8
- SHA512
  
  7c10261f20ededeaf1c1df7609040d91affbfcc2b7a2b2d7ef88d78c66efd1767e1c9c79fbcc5889e397d078337c40ab902088c99e20fc6258695103fed56ea4
- SSDEEP
  
  49152:ZNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:PzP88fBsnZTgOtqB3m1RC3
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

loaderbotxmrigloaderminerpersistence

behavioral2

loaderbotxmrigloaderminerpersistence

© 2018-2025

Terms | Privacy