Overview

overview

10

Static

static

10

0x00070000...84.exe

windows7-x64

10

0x00070000...84.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0007000000023491-84.dat

  • Size

    4.0MB

  • Sample

    240810-xwla1axfrf

  • MD5

    8fccb79bcb06003b60601a384a350791

  • SHA1

    f119fd4eb8e10640493c55e90b3213705affca30

  • SHA256

    2c97296ca64dbd00ae6b4eafd79a941a490ef55ccf7f37f6f56758d851a5deaa

  • SHA512

    6cd32193d086e5b4a122581472103b03b2f446803874c53b2d1a0d7af7d768805de1bf65a8e526c963064fb1bdab1508cfc4d0607dc276375c6d760fb1448a4c

  • SSDEEP

    49152:tNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:7zP88fBsnZTgOtqB3m1RC3

Score
10/10
loaderbotxmrigdiscoveryloaderminerpersistence

Malware Config

Targets

    • Target

      0x0007000000023491-84.dat

    • Size

      4.0MB

    • MD5

      8fccb79bcb06003b60601a384a350791

    • SHA1

      f119fd4eb8e10640493c55e90b3213705affca30

    • SHA256

      2c97296ca64dbd00ae6b4eafd79a941a490ef55ccf7f37f6f56758d851a5deaa

    • SHA512

      6cd32193d086e5b4a122581472103b03b2f446803874c53b2d1a0d7af7d768805de1bf65a8e526c963064fb1bdab1508cfc4d0607dc276375c6d760fb1448a4c

    • SSDEEP

      49152:tNDFFPJu8fBsVE6ij+RNg+UKpBvtqB3m1RC3:7zP88fBsnZTgOtqB3m1RC3

    Score
    10/10
    loaderbotxmrigdiscoveryloaderminerpersistence

    • LoaderBot

      LoaderBot is a loader written in .NET downloading and executing miners.

      loaderminerloaderbot

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • LoaderBot executable

    • XMRig Miner payload

      miner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks