General

  • Target

    917f9d9d484f8657efc7f60b8adde947.exe

  • Size

    4.6MB

  • Sample

    240723-ql7ypasbnm

  • MD5

    917f9d9d484f8657efc7f60b8adde947

  • SHA1

    01e4648cef9fb934429d63471127805120202ca9

  • SHA256

    1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4

  • SHA512

    6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac357ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2

  • SSDEEP

    98304:ybFXaexwoV2rqKxaWkidqVtIhjAgWlZHrtjFsN3RwC+cDhfXXWB:gwexwoVLhidqVtg8jZHrw3wC+8

Malware Config

Targets

    • Target

      917f9d9d484f8657efc7f60b8adde947.exe

    • Size

      4.6MB

    • MD5

      917f9d9d484f8657efc7f60b8adde947

    • SHA1

      01e4648cef9fb934429d63471127805120202ca9

    • SHA256

      1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4

    • SHA512

      6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac357ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2

    • SSDEEP

      98304:ybFXaexwoV2rqKxaWkidqVtIhjAgWlZHrtjFsN3RwC+cDhfXXWB:gwexwoVLhidqVtg8jZHrw3wC+8

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks