loaderbot | 3095da09ee2fc9ec9a91ac1624fe670612450b5dd71fd8e1e59f11810c26654e | Triage

Submit
Reports

Overview

overview

Static

static

1

7fd525394f...80.exe

windows7-x64

7fd525394f...80.exe

windows10-2004-x64

Sharing

General

Target

b7250436469d05b646b54b00ccb74d7e.bin
Size

4.1MB
Sample

240414-b7cmcagb2s
MD5

25f44121e5c60debe33cd282e8c9f5a2
SHA1

e7afb50d466f9da29b3ae8224eba78f29778c528
SHA256

3095da09ee2fc9ec9a91ac1624fe670612450b5dd71fd8e1e59f11810c26654e
SHA512

fd5338ed881f26661f566e3c5fe957f22152771a80ad742e374300233367bbe719f0ffae14131ea6a2792a215d114f78c2a688edae93f36975827b2b08eaf18a
SSDEEP

98304:4CrVDf1dwUySaxq1ZK7wgsT1Icmeb3TRls79PnYG:4CrV3MSSq1ZKUZIcmeb3dlspPYG

Score

10^/10

loaderbot xmrig loader miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe

Resource

win7-20240221-en

loaderbot xmrig loader miner persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe

Resource

win10v2004-20240412-en

loaderbot xmrig loader miner persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe
- Size
  
  4.2MB
- MD5
  
  b7250436469d05b646b54b00ccb74d7e
- SHA1
  
  7ad840124e69004c862d0cf3f722b00cbfbbb9d3
- SHA256
  
  7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780
- SHA512
  
  599e2a873b14b461c628ef3fb3f9771e11d866ff16012e82fbd614267e4eab268abd0671ad6bca6bcc8a5808e94b5aa1dcbb7ba75c51e78a645f040d60732ba4
- SSDEEP
  
  98304:tt5Uqm7J/F8CAXFSubtgfzlM87bnHzNLhs5rugOyMhKGiDy7:ttw7JrAVRclM87bnTNTgOywUy7
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

loaderbotxmrigloaderminerpersistence

behavioral2

loaderbotxmrigloaderminerpersistence

© 2018-2024

Terms | Privacy