General

  • Target

    917f9d9d484f8657efc7f60b8adde947.bin

  • Size

    4.2MB

  • Sample

    240725-dyqhyswbkj

  • MD5

    7ca10e3ad4004186a54911a683bbec77

  • SHA1

    d5c3c0a59e90793a9eff51e7dca437ac55f3fa4d

  • SHA256

    d82a6605140ac928774ee999bfd267b58180259b0f9f583bcc4d1a92618edb50

  • SHA512

    1676b3e1d5950263b4d6cff9ab1fbc80fa3cfd0fecdf22a83e05a06c1c7b0e2160f9cf7bc48c0d2a154154fd15cdb4ec7fe19a439f7f97e32bdc60f9e0d1fdf0

  • SSDEEP

    98304:uD2pmy6uk97b3FJpiGZLfgKuTuI1qCQd7Ge4FFpPek+iwGK9a:uD2YRuubrVZ70TRvwgFpWNUKA
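A way to reproduce the digests above and match a file against the listed IOCs, added here as an example rather than code from the sandbox or the report. The hash values in the tables are the ones this report lists; the temp-file input is constructed, and SSDEEP is left out because it needs the third-party `ssdeep` package. The naming check reflects what the report shows: the submitted `.bin` is named after the MD5 of the executable inside it, and the executable after its own SHA256.

```python
"""Added example (not part of the report): hash a sample the way the report
does and match the result against the listed IOCs.

MD5, SHA1, SHA256 and SHA512 are computed in one pass over the file. SSDEEP is
skipped on purpose: it needs the third-party `ssdeep` package, and everything
here is standard library.
"""
import hashlib
import os
import tempfile
from typing import Dict, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# IOC table taken from the report above: the submitted container .bin and the
# LoaderBot executable it carries.
KNOWN_IOCS = {
    "7ca10e3ad4004186a54911a683bbec77": "container .bin (MD5)",
    "d82a6605140ac928774ee999bfd267b58180259b0f9f583bcc4d1a92618edb50": "container .bin (SHA256)",
    "917f9d9d484f8657efc7f60b8adde947": "LoaderBot .exe (MD5)",
    "1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4": "LoaderBot .exe (SHA256)",
}

# All four digests of the LoaderBot executable, as listed in the report.
EXE_HASHES = {
    "md5": "917f9d9d484f8657efc7f60b8adde947",
    "sha1": "01e4648cef9fb934429d63471127805120202ca9",
    "sha256": "1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4",
    "sha512": "6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac3"
              "57ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (small inputs, and the reference for digest_file)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the file once, feeding each chunk to all four hashers."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = KNOWN_IOCS) -> Optional[str]:
    """Label of the first IOC equal to any computed digest, or None.
    Hex case is normalised because feeds mix upper- and lower-case."""
    table = {digest.lower(): label for digest, label in iocs.items()}
    for digest in hashes.values():
        label = table.get(digest.lower())
        if label is not None:
            return label
    return None


def named_after_digest(filename: str, hashes: Dict[str, str]) -> Optional[str]:
    """Algorithm whose digest equals the file's stem, or None.
    Sandboxes and feeds name samples after a hash; the report above shows the
    .bin named after the MD5 of the .exe inside it, and the .exe after its own SHA256."""
    stem = os.path.basename(filename).rsplit(".", 1)[0].lower()
    for name, digest in hashes.items():
        if stem == digest.lower():
            return name
    return None


def check_file_hashing(data: bytes) -> bool:
    """Self-check: streamed file digests must equal the in-memory digests of the same bytes."""
    with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as tmp:
        tmp.write(data)
    try:
        return digest_file(tmp.name) == digest_bytes(data)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    # Constructed stand-in for a sample: a few KB with an MZ prefix, not real malware.
    sample = b"MZ" + bytes(range(256)) * 64
    print("streamed == in-memory:", check_file_hashing(sample))
    print("IOC match:", match_iocs({"md5": EXE_HASHES["md5"].upper()}))
    print("bin named after:", named_after_digest("917f9d9d484f8657efc7f60b8adde947.bin", EXE_HASHES))
    print("exe named after:", named_after_digest(EXE_HASHES["sha256"] + ".exe", EXE_HASHES))
```

Run it against a real sample with `digest_file(path)` and `match_iocs(...)`; the single-pass loop matters for multi-megabyte samples like the 4.2MB and 4.6MB files here, and the case normalisation avoids missing a hit when a feed publishes upper-case hex.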

Malware Config

Targets

    • Target

      1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4.exe

    • Size

      4.6MB

    • MD5

      917f9d9d484f8657efc7f60b8adde947

    • SHA1

      01e4648cef9fb934429d63471127805120202ca9

    • SHA256

      1099655a13691a6c4856fa29fa038e89805c8ff7ba6d04c6c56128728be19ff4

    • SHA512

      6f81636f49ac851709372e04fa4b95a47da1d17bb84c0150fda6f1ee37111ac357ae17414e9d96f597ac99b2693a9b5838d43fc22b12abbed3e6bbf6421635d2

    • SSDEEP

      98304:ybFXaexwoV2rqKxaWkidqVtIhjAgWlZHrtjFsN3RwC+cDhfXXWB:gwexwoVLhidqVtg8jZHrw3wC+8

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • LoaderBot executable

    • XMRig Miner payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
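The behaviours flagged above, expressed as detection rules over an API-call trace. This is an added example, not the sandbox's own signature code. The trace format is a simplification of what a sandbox or EDR emits and the trace itself is constructed, not captured from this sample; the registry path assumed for the country lookup (`HKCU\Control Panel\International\Geo`, value `Nation`) and the process IDs are assumptions. The hollowing rule encodes what makes a SetThreadContext call suspicious: a child created with CREATE_SUSPENDED, WriteProcessMemory into it, SetThreadContext, then ResumeThread.

```python
"""Added example (not the sandbox's own signature code): the four behaviours
flagged in the report expressed as detection rules over an API-call trace.

Trace format: one dict per call with the calling pid, the API name and the
arguments the rules need. The hollowing rule looks for the sequence that makes
SetThreadContext suspicious: CreateProcess with CREATE_SUSPENDED,
WriteProcessMemory into the child, SetThreadContext, ResumeThread.
"""
from typing import Dict, List, Set

CREATE_SUSPENDED = 0x00000004          # CreateProcess creation flag

RUN_KEY_MARKER = r"\software\microsoft\windows\currentversion\run"  # also matches RunOnce
# Assumed lookup target for "checks computer location settings": the user's GeoID
# under HKCU\Control Panel\International\Geo (value "Nation").
GEO_KEY_MARKER = r"control panel\international\geo"
HOLLOWING_ORDER = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def _finding(signature: str, technique: str, detail: str) -> Dict[str, str]:
    return {"signature": signature, "technique": technique, "detail": detail}


def _in_order(seen: List[str], needle) -> bool:
    """True if `needle` occurs as a subsequence of `seen` (extra calls in between are fine)."""
    i = 0
    for api in seen:
        if i < len(needle) and api == needle[i]:
            i += 1
    return i == len(needle)


def detect(events: List[Dict]) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []
    written: Set[str] = set()                 # paths this trace wrote, lower-cased
    suspended: Dict[int, List[str]] = {}      # child pid created suspended -> APIs aimed at it

    for ev in events:
        api, args = ev["api"], ev.get("args", {})

        if api == "RegSetValueEx" and RUN_KEY_MARKER in args.get("key", "").lower():
            findings.append(_finding("run_key_persistence", "T1547.001",
                                     f"{args['key']}\\{args.get('value')} = {args.get('data')}"))

        elif api == "RegQueryValueEx" and GEO_KEY_MARKER in args.get("key", "").lower():
            findings.append(_finding("location_check", "T1614",
                                     f"read {args.get('value')} under {args['key']}"))

        elif api == "WriteFile":
            written.add(args["path"].lower())

        elif api == "CreateProcess":
            image = args["image"].lower()
            if image.endswith(".exe") and image in written:
                # no single ATT&CK technique for this; kept as a plain signature
                findings.append(_finding("executes_dropped_exe", "", args["image"]))
            if args.get("flags", 0) & CREATE_SUSPENDED:
                suspended[args["child_pid"]] = []

        elif api in HOLLOWING_ORDER:
            target = args.get("target_pid")
            if target in suspended:
                suspended[target].append(api)
                if api == "ResumeThread" and _in_order(suspended.pop(target), HOLLOWING_ORDER):
                    findings.append(_finding("process_hollowing", "T1055.012",
                                             f"pid {ev['pid']} hollowed suspended child {target}"))
            elif api == "SetThreadContext" and target != ev["pid"]:
                findings.append(_finding("foreign_setthreadcontext", "T1055",
                                         f"pid {ev['pid']} set a thread context in pid {target}"))
    return findings


# Constructed trace (not captured from the sample): pid 1000 is the loader,
# pid 1500 the dropped executable, pid 2000 a process started suspended and hollowed.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegQueryValueEx",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1000, "api": "WriteFile", "args": {"path": r"C:\Users\user\AppData\Roaming\svc\host.exe"}},
    {"pid": 1000, "api": "RegSetValueEx",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc",
              "data": r"C:\Users\user\AppData\Roaming\svc\host.exe"}},
    {"pid": 1000, "api": "CreateProcess",
     "args": {"image": r"C:\Users\user\AppData\Roaming\svc\host.exe", "flags": 0x0, "child_pid": 1500}},
    {"pid": 1500, "api": "CreateProcess",
     "args": {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 2000}},
    {"pid": 1500, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x4a000}},
    {"pid": 1500, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x1000}},
    {"pid": 1500, "api": "SetThreadContext", "args": {"target_pid": 2000}},
    {"pid": 1500, "api": "ResumeThread", "args": {"target_pid": 2000}},
]


def signatures(events: List[Dict]) -> List[str]:
    return [f["signature"] for f in detect(events)]


if __name__ == "__main__":
    for f in detect(SAMPLE_TRACE):
        print(f"{f['signature']:<26} {f['technique']:<10} {f['detail']}")
```

The hollowing rule only fires on a child the same trace created suspended and only once that child is resumed; a SetThreadContext aimed at some other process is still reported, but as the weaker `foreign_setthreadcontext` finding, which is the level of confidence the report's "Suspicious use of SetThreadContext" signature itself carries.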

MITRE ATT&CK Enterprise v15

Tasks