loaderbot | 1752db737ed003a62b9f7ce7e8101b2fa8bde2718951430bdc52ae858768a6fd | Triage

Submit
Reports

Overview

overview

Static

static

2812-28-0x...ry.exe

windows7-x64

2812-28-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

2812-28-0x0000000000D30000-0x0000000001764000-memory.dmp
Size

10.2MB
Sample

231105-yerl5abc6v
MD5

471e1ef5f5b5f565edfdb50280186890
SHA1

1d9eef098e334545019eb143a663d83e4d594536
SHA256

1752db737ed003a62b9f7ce7e8101b2fa8bde2718951430bdc52ae858768a6fd
SHA512

e160d8dc1309589c35831160362d837e9914abd9ff81470db13163eeeb10fd1e218d3d83012795ca246ceff8cba6acfe82224a5207a22fcc9298d717c40149f9
SSDEEP

98304:vzP88fBsnZTgOtqB3m1RC3XORpug4OZeZ3fq4bBvzeszWpJj1z2ge+u/3qXuD5OK:brpkE3aRC3Hg4bpqsyJ4g3uPIuFKay

Score

10^/10

loaderbot xmrig loader miner persistence themida

Static task

static1

themida loaderbot

4 signatures

Behavioral task

behavioral1

Sample

2812-28-0x0000000000D30000-0x0000000001764000-memory.exe

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2812-28-0x0000000000D30000-0x0000000001764000-memory.exe

Resource

win10v2004-20231020-en

loaderbot xmrig loader miner persistence themida

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2812-28-0x0000000000D30000-0x0000000001764000-memory.dmp
- Size
  
  10.2MB
- MD5
  
  471e1ef5f5b5f565edfdb50280186890
- SHA1
  
  1d9eef098e334545019eb143a663d83e4d594536
- SHA256
  
  1752db737ed003a62b9f7ce7e8101b2fa8bde2718951430bdc52ae858768a6fd
- SHA512
  
  e160d8dc1309589c35831160362d837e9914abd9ff81470db13163eeeb10fd1e218d3d83012795ca246ceff8cba6acfe82224a5207a22fcc9298d717c40149f9
- SSDEEP
  
  98304:vzP88fBsnZTgOtqB3m1RC3XORpug4OZeZ3fq4bBvzeszWpJj1z2ge+u/3qXuD5OK:brpkE3aRC3Hg4bpqsyJ4g3uPIuFKay
Score

10^/10

loaderbot xmrig loader miner persistence themida
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

themidaloaderbot

behavioral1

behavioral2

loaderbotxmrigloaderminerpersistencethemida

© 2018-2025

Terms | Privacy