General

  • Target

    b62d1769383bddb768f99262910e6fba_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240404-mp5e7ace9w

  • MD5

    b62d1769383bddb768f99262910e6fba

  • SHA1

    6c345987ee903213b8f36437aea49ec598a02c29

  • SHA256

    69c67bdda6ae1be885235b7d2d1b99cd9b0711f48bc55dbcca4f45c7eace9f02

  • SHA512

    cff5a1d28af030e77ed78a849c6afcdb23eab7734a7d44b1bbd08b7243f997468dda59d86f194f4bfb4b30110f3d8ba87ef49203c147fc2da2fc157b05d1f088

  • SSDEEP

    98304:kNNaf55cH3Bj1JkxjOejrq8lVwOro1bbyOFb0hjB4+81TC:kNNa4HxDe/GDhFb0lB4+

Malware Config

Extracted

  • Family

    loaderbot

  • C2

    http://jiamah9m.beget.tech/cmd.php

Targets

    • Target

      b62d1769383bddb768f99262910e6fba_JaffaCakes118

    • Size

      4.3MB

    • MD5

      b62d1769383bddb768f99262910e6fba

    • SHA1

      6c345987ee903213b8f36437aea49ec598a02c29

    • SHA256

      69c67bdda6ae1be885235b7d2d1b99cd9b0711f48bc55dbcca4f45c7eace9f02

    • SHA512

      cff5a1d28af030e77ed78a849c6afcdb23eab7734a7d44b1bbd08b7243f997468dda59d86f194f4bfb4b30110f3d8ba87ef49203c147fc2da2fc157b05d1f088

    • SSDEEP

      98304:kNNaf55cH3Bj1JkxjOejrq8lVwOro1bbyOFb0hjB4+81TC:kNNa4HxDe/GDhFb0lB4+

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks