loaderbot | 512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871[.]zip

General

Target

512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871.zip
Size

211KB
MD5

94d74774b6c0f4b15d365f21ed6f8b65
SHA1

ce974fec2cf84dd0e7154c101267aa87b4916483
SHA256

992418223c75419c5052236a46a7cbb7a4855e5402ede0f2452cf0d7d69df1c4
SHA512

2f6f9b1462f9a76d5880409384ddd518d4b457e4f273a894a0f9d63b009d66c8485435ebb4173f71b41524a50b11a538af916e53bda529739747826faf1c38cf
SSDEEP

6144:FcjEchtp3fKmUVQe3VUYuuafG4XSWZv7p:FOhttKmUie3V2ua6qF

Score

10^/10

Family

loaderbot

C2

http://ih803741.myihor.ru/cmd.php

LoaderBot executable 1 IoCs

resource	yara_rule
static1/unpack001/512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871	loaderbot

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
static1/unpack001/512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871	xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871

512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871.zip
.zip

Password: threatbook
512415531e7f3ef14143d8ebb3c9fd804bb3a33dd907ac676364c6fabdf99871
.exe windows:4 windows x86 arch:x86

Password: threatbook

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\User\Desktop\builder2\t\Miner\obj\Release\t.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ