emotet | e65878b615947fcf75baee636c9a2012e28873beb43b8b0250bd9af4b11339ba | Triage

Submit
Reports

Overview

overview

Static

static

3

NiggerDick.exe

windows10-1703-x64

Sharing

General

Target

NiggerDick.exe
Size

3.6MB
Sample

240726-n23msswclr
MD5

edcd9b037986143a8bad4985bf0e661d
SHA1

aa7ad22502f138c9ef68b6e66f50999ed94c7276
SHA256

e65878b615947fcf75baee636c9a2012e28873beb43b8b0250bd9af4b11339ba
SHA512

3f62163ae6bb81dc59e23c6ad5192de1fd0bfe7e6e85e4420119e314b48c7431bdd368c841f802c858aee67a45b88959ce32f961de9a8e965cc47cf7b946ea9c
SSDEEP

49152:8F24+xNyKwdkMRcHwK5+MdqUolO+r8tEAmafrP4iUUYJETGXP6XA:8F24gNyKw6MpMdqpfrjgUi2ETGXM

Score

10^/10

emotet privateloader xmrig banker bootkit discovery loader miner persistence trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NiggerDick.exe

Resource

win10-20240404-en

emotet privateloader xmrig banker bootkit discovery loader miner persistence trojan vmprotect

windows10-1703-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  NiggerDick.exe
- Size
  
  3.6MB
- MD5
  
  edcd9b037986143a8bad4985bf0e661d
- SHA1
  
  aa7ad22502f138c9ef68b6e66f50999ed94c7276
- SHA256
  
  e65878b615947fcf75baee636c9a2012e28873beb43b8b0250bd9af4b11339ba
- SHA512
  
  3f62163ae6bb81dc59e23c6ad5192de1fd0bfe7e6e85e4420119e314b48c7431bdd368c841f802c858aee67a45b88959ce32f961de9a8e965cc47cf7b946ea9c
- SSDEEP
  
  49152:8F24+xNyKwdkMRcHwK5+MdqUolO+r8tEAmafrP4iUUYJETGXP6XA:8F24gNyKw6MpMdqpfrjgUi2ETGXM
Score

10^/10

emotet privateloader xmrig banker bootkit discovery loader miner persistence trojan vmprotect
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetprivateloaderxmrigbankerbootkitdiscoveryloaderminerpersistencetrojanvmprotect

© 2018-2024

Terms | Privacy