loaderbot | 992418223c75419c5052236a46a7cbb7a4855e5402ede0f2452cf0d7d69df1c4 | Triage

Submit
Reports

Overview

overview

Static

static

512415531e...71.exe

windows7-x64

512415531e...71.exe

windows10-2004-x64

Sharing

General

Target

512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871.zip
Size

211KB
Sample

240417-g858yahe21
MD5

94d74774b6c0f4b15d365f21ed6f8b65
SHA1

ce974fec2cf84dd0e7154c101267aa87b4916483
SHA256

992418223c75419c5052236a46a7cbb7a4855e5402ede0f2452cf0d7d69df1c4
SHA512

2f6f9b1462f9a76d5880409384ddd518d4b457e4f273a894a0f9d63b009d66c8485435ebb4173f71b41524a50b11a538af916e53bda529739747826faf1c38cf
SSDEEP

6144:FcjEchtp3fKmUVQe3VUYuuafG4XSWZv7p:FOhttKmUie3V2ua6qF

Score

10^/10

loaderbot xmrig discovery loader miner persistence

Static task

static1

miner loaderbot xmrig

5 signatures

Behavioral task

behavioral1

Sample

512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871.exe

Resource

win7-20240221-en

loaderbot xmrig discovery loader miner persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871.exe

Resource

win10v2004-20240226-en

loaderbot xmrig discovery loader miner persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

loaderbot

C2

http://ih803741.myihor.ru/cmd.php

Targets

- Target
  
  512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871
- Size
  
  448KB
- MD5
  
  0d96da9c38b21d97fce1528e7dc1af7c
- SHA1
  
  1b9b049440b495a9378df502686341734ff167b9
- SHA256
  
  512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871
- SHA512
  
  d0511c6dee7001ec9e6f5de471d57870536f9e14a943cbb9ffab4df5252b27625ccad59904a2870767410082d6fb4e804169ebf523e4b1e0334b6ff065c2811a
- SSDEEP
  
  12288:5i3Q+jkZaZJEeDoS/8+tR7HFVaX4zqhfkH:5i3Q+jkkDoS/8+tNvzAu
Score

10^/10

loaderbot xmrig discovery loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

minerloaderbotxmrig

behavioral1

loaderbotxmrigdiscoveryloaderminerpersistence

behavioral2

loaderbotxmrigdiscoveryloaderminerpersistence

© 2018-2024

Terms | Privacy