loaderbot | 010b8f865dce90452f05c5ae0e9f05731af9a9ebcc6e73c9359d7163c0bfe935 | Triage

Submit
Reports

Overview

overview

Static

static

________ _...__.exe

windows7-x64

________ _...__.exe

windows10-2004-x64

Sharing

General

Target

bed201c48e30db0c1309fb9179337a2b_JaffaCakes118
Size

430KB
Sample

240824-r5legavera
MD5

bed201c48e30db0c1309fb9179337a2b
SHA1

5a206a9d39d01576cc77760b23b7be0aea56c68b
SHA256

010b8f865dce90452f05c5ae0e9f05731af9a9ebcc6e73c9359d7163c0bfe935
SHA512

b31e59637d545f517123854d048cc332173d6554a275417f003b79e07c56f694ce40942a0981d2639818dc0ba907c26e9b0f5427b0a6ce976066df512af91fb5
SSDEEP

12288:5mfO3xnA0ZHGvgbIMzRol4b3CI+jWLdA/u1M:UEA0wvW1Rol4F+jW5A/u6

Score

10^/10

loaderbot xmrig discovery miner persistence

Static task

static1

miner loaderbot xmrig

5 signatures

Behavioral task

behavioral1

Sample

________ ___________.exe

Resource

win7-20240704-en

xmrig discovery miner persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

________ ___________.exe

Resource

win10v2004-20240802-en

xmrig discovery miner persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

loaderbot

C2

http://pohacage.beget.tech/cmd.php

Targets

- Target
  
  ________ ___________.bin
- Size
  
  1.1MB
- MD5
  
  35b94119f76089e8937496e6942fb9dd
- SHA1
  
  8cc1318e56d7f57ac2c1f62ebfffdd2ad68c4d7c
- SHA256
  
  f69025c3989bcf53faa23fb240fc6710ab36ed36c13b5c2fa78c8725772dbe4f
- SHA512
  
  d899970fbb9dc843def051d03830cc76a27b9ea4fab9b4785eba901a45d85d1db91cfa2d7f2e7458a1353636a98d012842e831f34e6b2c7fc69e43d0db150348
- SSDEEP
  
  24576:obx7BAy6HWDVXL2dqzdasluCO5iiZmD5CdA:obJBAy6HWDVJdasYCO5iiZf
Score

10^/10

xmrig discovery miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Cryptocurrency Miner
  Makes network request to known mining pool URL.
  miner
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

minerloaderbotxmrig

behavioral1

xmrigdiscoveryminerpersistence

behavioral2

xmrigdiscoveryminerpersistence

© 2018-2024

Terms | Privacy