Overview

overview

10

Static

static

1

13f091c04b...5e.exe

windows7-x64

1

13f091c04b...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13f091c04b02de894b2b68404b101f5e

  • Size

    2.1MB

  • Sample

    231224-1rlmraahf7

  • MD5

    13f091c04b02de894b2b68404b101f5e

  • SHA1

    77be502649288dc78adfd4d887afd8c2f2e06fae

  • SHA256

    e88dc2a26b632c34188248f90b1a9f222d3da628839271d989be8fec039fb714

  • SHA512

    a115fed08b8f87c0d2dbf93a12c187c2d58ae5c54753ab7e9e82473cb5e2486bd6a435940ec38148a776436e26e52a9c71ee4f3e4aba6ae1c508488483f192cf

  • SSDEEP

    49152:3LeFWZXUM2OSAUhB0ETI++BrpMLdDQXWb+FPWRlW:/UM2DD5IhBrpCFQXk+FPWjW

Score
10/10
loaderbotxmrigloaderminerpersistence

Malware Config

Targets

    • Target

      13f091c04b02de894b2b68404b101f5e

    • Size

      2.1MB

    • MD5

      13f091c04b02de894b2b68404b101f5e

    • SHA1

      77be502649288dc78adfd4d887afd8c2f2e06fae

    • SHA256

      e88dc2a26b632c34188248f90b1a9f222d3da628839271d989be8fec039fb714

    • SHA512

      a115fed08b8f87c0d2dbf93a12c187c2d58ae5c54753ab7e9e82473cb5e2486bd6a435940ec38148a776436e26e52a9c71ee4f3e4aba6ae1c508488483f192cf

    • SSDEEP

      49152:3LeFWZXUM2OSAUhB0ETI++BrpMLdDQXWb+FPWRlW:/UM2DD5IhBrpCFQXk+FPWjW

    Score
    10/10
    loaderbotxmrigloaderminerpersistence

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

      loaderminerloaderbot

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • LoaderBot executable

    • XMRig Miner payload

      miner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks