General
-
Target
1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4
-
Size
4.6MB
-
Sample
240723-qryxzasdqp
-
MD5
917f9d9d484f8657efc7f60b8adde947
-
SHA1
01e4648cef9fb934429d63471127805120202ca9
-
SHA256
1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4
-
SHA512
6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac357ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2
-
SSDEEP
98304:ybFXaexwoV2rqKxaWkidqVtIhjAgWlZHrtjFsN3RwC+cDhfXXWB:gwexwoVLhidqVtg8jZHrw3wC+8
Malware Config
Targets
-
-
Target
1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4
-
Size
4.6MB
-
MD5
917f9d9d484f8657efc7f60b8adde947
-
SHA1
01e4648cef9fb934429d63471127805120202ca9
-
SHA256
1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4
-
SHA512
6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac357ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2
-
SSDEEP
98304:ybFXaexwoV2rqKxaWkidqVtIhjAgWlZHrtjFsN3RwC+cDhfXXWB:gwexwoVLhidqVtg8jZHrw3wC+8
Score10/10-
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
LoaderBot executable
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-