General

  • Target

    cada3e288c060cfdbf02ba7862856e75ae80da25628847ab61ca88742b4e56b9

  • Size

    4.2MB

  • Sample

    240718-2ln2cstbnd

  • MD5

    ec65a98577fe1efb547b7e62e52e71b6

  • SHA1

    dc25d5b63597fbe49c89c3b21a21facd5fa2d5fc

  • SHA256

    cada3e288c060cfdbf02ba7862856e75ae80da25628847ab61ca88742b4e56b9

  • SHA512

    3082ca0dc0ac1d59ab86a371cacad53c99c979487c895eeba2d2bcb66c05ea6933cce1917bb7fe08906a4ac0c267eda2375cf940d6220b8819dbbedea50be1bc

  • SSDEEP

    98304:kq5rst/26xqh6dyuuLy1rBuAY7bk6hVbCoBpYTVpAJbcTf:kqBsAPhW3uL8BubY6hooD4pAJb

Malware Config

Extracted

Family

loaderbot

C2

https://ct45361.tw1.ru/cmd.php

Targets

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
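
The indicators above (the sample hashes and the cmd.php C2 URL) plus the persistence behaviour (Run key added, startup file dropped) are what a responder would hunt for on other hosts. The script below is an added example and is not part of the sandbox report or the LoaderBot/XMRig projects: it carries the report's hashes and C2 URL as constants, matches the C2 host against a constructed proxy log, matches the hashes against a constructed EDR file inventory, and flags Run-key values that point into user-writable directories. The log lines, inventory rows and Run-key listing are constructed sample data, and the user-writable-path heuristic is an assumption of this script, not something the report states.

```python
"""Hunt for the LoaderBot / XMRig indicators from this report in local telemetry.

Added example, not part of the sandbox report. The hashes and C2 URL are the
ones listed on the page; the proxy log, file inventory and Run-key listing are
constructed sample data, and the "user-writable path" heuristic for Run keys
is an assumption of this script, not something the report states.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from the report.
C2_URL = "https://ct45361.tw1.ru/cmd.php"
C2_HOST = urlsplit(C2_URL).hostname
SAMPLE_HASHES = {
    "md5": "ec65a98577fe1efb547b7e62e52e71b6",
    "sha1": "dc25d5b63597fbe49c89c3b21a21facd5fa2d5fc",
    "sha256": "cada3e288c060cfdbf02ba7862856e75ae80da25628847ab61ca88742b4e56b9",
}
KNOWN_HASHES = set(SAMPLE_HASHES.values())

# Constructed proxy log: "timestamp client method url status" per line.
PROXY_LOG = """\
2024-07-18T20:41:02Z 10.0.0.15 GET https://www.example.com/ 200
2024-07-18T20:41:09Z 10.0.0.22 POST https://ct45361.tw1.ru/cmd.php 200
2024-07-18T20:41:11Z 10.0.0.22 GET http://ct45361.tw1.ru/miner.bin 200
2024-07-18T20:42:30Z 10.0.0.31 GET https://tw1.ru/ 200
"""

# Constructed EDR file inventory, CSV with a header row.
INVENTORY = r"""
host,path,sha256
ws-15,C:\Users\bob\Downloads\setup.exe,5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
ws-22,C:\Users\alice\AppData\Roaming\svchost.exe,cada3e288c060cfdbf02ba7862856e75ae80da25628847ab61ca88742b4e56b9
"""

# Constructed output of `reg query HKCU\...\Run` (value names are made up).
RUN_KEY_LISTING = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    svchost     REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe
"""
RUN_VALUE = re.compile(r"^\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
# Heuristic (assumption): autoruns that point into user-writable directories.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)


def find_c2_contacts(log_text):
    """Return (client, url) for every request whose host is the C2 host.

    Matching the host rather than the exact cmd.php URL also catches
    follow-up downloads from the same server; the parent domain tw1.ru
    on its own does not match.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        client, url = parts[1], parts[3]
        if urlsplit(url).hostname == C2_HOST:
            hits.append((client, url))
    return hits


def hash_bytes(data):
    """Digests in the same set the report lists (ssdeep needs a third-party
    module and is left out), for comparing a file on disk with the sample."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data):
    """True if any digest of `data` equals the report's sample hashes."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in SAMPLE_HASHES.items())


def find_known_hashes(inventory_text):
    """Return (host, path) for inventory rows whose SHA-256 is a report hash."""
    hits = []
    for line in inventory_text.strip().splitlines()[1:]:   # skip header row
        host, path, digest = line.split(",")
        if digest.strip().lower() in KNOWN_HASHES:
            hits.append((host, path))
    return hits


def suspicious_run_values(listing_text):
    """Return (value_name, command) for Run entries in user-writable paths."""
    hits = []
    for line in listing_text.splitlines():
        m = RUN_VALUE.match(line)
        if m and USER_WRITABLE.search(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    print("C2 contacts:", find_c2_contacts(PROXY_LOG))
    print("Known hashes:", find_known_hashes(INVENTORY))
    print("Suspicious Run values:", suspicious_run_values(RUN_KEY_LISTING))
```

Hash matching only finds this exact sample; any rebuilt LoaderBot binary will have different digests, so the C2 host and the Run-key heuristic are the indicators that are more likely to survive a recompile. Replace the constructed strings with real proxy logs, an EDR hash export and `reg query` output to run this against a fleet.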
