Extracted

• • Target

    b62d1769383bddb768f99262910e6fba_JaffaCakes118

  • Size

    4.3MB

  • MD5

    b62d1769383bddb768f99262910e6fba

  • SHA1

    6c345987ee903213b8f36437aea49ec598a02c29

  • SHA256

    69c67bdda6ae1be885235b7d2d1b99cd9b0711f48bc55dbcca4f45c7eace9f02

  • SHA512

    cff5a1d28af030e77ed78a849c6afcdb23eab7734a7d44b1bbd08b7243f997468dda59d86f194f4bfb4b30110f3d8ba87ef49203c147fc2da2fc157b05d1f088

  • SSDEEP

    98304:kNNaf55cH3Bj1JkxjOejrq8lVwOro1bbyOFb0hjB4+81TC:kNNa4HxDe/GDhFb0lB4+

  Score

  10^/10

  loaderbotxmrigloaderminerpersistence

  • LoaderBot

    LoaderBot is a loader written in .NET downloading and executing miners.

    loaderminerloaderbot

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • LoaderBot executable

  • XMRig Miner payload

    miner

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2