loaderbot | 6fad65e07016e5e124331e2fa805da27ffd2498fc4b3a622d1f5c8ca5fd72a00 | Triage

Submit
Reports

Overview

overview

Static

static

MonsterHack.exe

windows7-x64

MonsterHack.exe

windows10-2004-x64

Sharing

General

Target

MonsterHack.rar
Size

1.6MB
Sample

240623-nzv5yatbln
MD5

c3e9b5d03207fac9cfbc67244749cca1
SHA1

d92825d94a89255859e31bd7393bc833056e3b13
SHA256

6fad65e07016e5e124331e2fa805da27ffd2498fc4b3a622d1f5c8ca5fd72a00
SHA512

0573f3587af44f9996eef8181ee3a6b75e9c6baeb9d9623d3b8a11ff8edd30bda7a0c663e90b620317f05b5e887d5e52deeccf53eabb33284308596360f9c9d8
SSDEEP

24576:JwqX8NWpU2VwBFaXFhX+Pch8VAcAgH2ixrv7LuwhKZWSgJ7I2xKFFbIwzxt/J9P:XBKU2FaXFdH8VhAK2c7LBH9FEFblrBF

Score

10^/10

loaderbot xmrig loader miner persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

MonsterHack.exe

Resource

win7-20240508-en

loaderbot xmrig loader miner persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

MonsterHack.exe

Resource

win10v2004-20240508-en

loaderbot xmrig loader miner persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  MonsterHack.exe
- Size
  
  4.0MB
- MD5
  
  6efea760737c914276321712b7c5faf0
- SHA1
  
  cac227707c574deba24c71c85e64e0da1e246b11
- SHA256
  
  6952e0e1fc7847b46473a9f22ba352a06623f966e08bb6f79a8b189a117e1510
- SHA512
  
  f60077d79a205a78ca86dbd32072604298e2df14dbbc96c94561765289aaeb79123b5fe747e9dcda8289682c57805b9449c67f21f10f4b2453abf09b0ac88561
- SSDEEP
  
  49152:5NDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:vzP88fBsnZTgOtqB3m1RC3
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

loaderbotxmrigloaderminerpersistence

behavioral2

loaderbotxmrigloaderminerpersistence

© 2018-2024

Terms | Privacy