General
-
Target
2648-24-0x0000000000E00000-0x0000000001834000-memory.dmp
-
Size
10.2MB
-
Sample
231022-p4gnsaab76
-
MD5
02b4c592b543df48b80a09946a001aab
-
SHA1
14f6d57fd3d15623e426c82d56a349765df67dff
-
SHA256
2425703be93685d101d68f68f005c25b61330cfc3efc017e984630cde7760c79
-
SHA512
3bdfcbad1c13e534d8c587a0bbf148489c3d081a84372b8ad82818bdc0d95b71bb8d10c5dac50c1422ef073c0021efb7951828c5ebf936363075dad2e44748c6
-
SSDEEP
98304:nzP88fBsnZTgOtqB3m1RC3hORpug4ORd0Xw4bBv+eszWpJj1z2ge+u/3qXuD5Oxc:DrpkE3aRC32f4bprsyJ4g3uPIuFKay
Malware Config
Targets
-
-
Target
2648-24-0x0000000000E00000-0x0000000001834000-memory.dmp
-
Size
10.2MB
-
MD5
02b4c592b543df48b80a09946a001aab
-
SHA1
14f6d57fd3d15623e426c82d56a349765df67dff
-
SHA256
2425703be93685d101d68f68f005c25b61330cfc3efc017e984630cde7760c79
-
SHA512
3bdfcbad1c13e534d8c587a0bbf148489c3d081a84372b8ad82818bdc0d95b71bb8d10c5dac50c1422ef073c0021efb7951828c5ebf936363075dad2e44748c6
-
SSDEEP
98304:nzP88fBsnZTgOtqB3m1RC3hORpug4ORd0Xw4bBv+eszWpJj1z2ge+u/3qXuD5Oxc:DrpkE3aRC32f4bprsyJ4g3uPIuFKay
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
LoaderBot executable
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-