aresloader | 3d5f7b3325f260dc291e2b1c24c54818d2edcde5527ef31168016ae9aad25fc6

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-01-2025 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dogecoin-1.14.9-win32/daemon/dogecoind.exe
Size

10.8MB
MD5

bd105bf449a53559a1f03bc3cee01201
SHA1

beb01382e4f15f3ba0073816dcefdec05206bf6a
SHA256

a2ea0f21d7b418869651c791d8973c983cca3964aee225d03fbf9d72a2a18b31
SHA512

8d8605bfa802ea1bc491e1a9a63b7d01ac73f45b9e29777aacdc0d82fa85d7a6100b53b3ab6fe83c110444ef7e391e6f9b502b3c2f78da96918156b93135a060
SSDEEP

196608:6rGbOYFXKiN8lytROoQIv+vaMiYYkO1KNT7muZemqBFrKUr8920vqb8i9lpmP5sM:f1XKAQ8CzKuZenbZLbXuHSb4AjbfMkpq

Score

10^/10

aresloader discovery loader

Malware Config

Extracted

Family

aresloader

http://127.0.0.1:22555

Signatures

AresLoader
AresLoader is a loader and downloader written in C++.
loader aresloader
Aresloader family
aresloader

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dogecoind.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe
1728	dogecoind.exe

C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\daemon\dogecoind.exe
"C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\daemon\dogecoind.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1728

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\blk00000.dat

Filesize
16.0MB

MD5
f8a9d4cf20f20a50c812bd03c093e29a

SHA1
5a1f4a7c9fb731b6eee0845f8537e1ba1ff78f01

SHA256
da7bb5422e1a8562c612dc641b84271989a5a49139bcf79b76be2a8e9fb49dab

SHA512
c5b6666d4ee0d7b9755752c43990adf0c1ec21d4a0d03a7da5feaad8840694bad7573212661e7c1735cf16baa024a06ca1ec50dcf5f822fef45edb050c68a27f

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\blk00000.dat

Filesize
16.0MB

MD5
0655a777c0e7fced17e04569506a1055

SHA1
51e3325e2f0b9989508e0a04234c79509ef23acb

SHA256
1edffbe81ea8943814b5193ea15a6abaeb67360a9a1e441e31dcf8760c60bc1e

SHA512
6547936b2fc9ba77d8b2a444ce9b39738e0e82710e9b579dd4bd026d81bc7a82bf282c7ed69202fe34773d0b513697254277f3b5fa8912c0cd7110107bfc4c36

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\CURRENT~RFf77584d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
dd41aab55cd110a48e2c477e5bdfd861

SHA1
b632e1c2d5364789644cf0e7221688fed6bf93f1

SHA256
5f8065237265a8997a6141cd3538b3740dfc56f6034d5ddf57d995c10adcc954

SHA512
7170bad9aa0f662a9244db8cb85bddd1790ca50888db7acd065bf16fa5a88ce2a994d7b20d1af44c93690cc1f5cf44ffb53eec887dee76d91b68dde9a8febdab

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
731a2e79744bde541e2d0809f2bd0339

SHA1
ce809f144262aace667ffb34e4c280441cdae3aa

SHA256
682a82cc1c6b8e82111fac2eb443668e7679dc6bf61863266b66e9f393b0f3d4

SHA512
f7a84ea46ddd9df02a09e83cbdaf62b58e8821cb31aea9e3f14588f8e8142c911924f6ad74c3df4bc6ca5a8095dbaa2910bb60b96721caef9891545c18aab8fa

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
3938f3001762aee4ecca99eadf746dd7

SHA1
10e557e85ad182d350ef560a3395f5a0b8de8c73

SHA256
d2bf3dd2ef9999c65394cc7ad7a09bf16bb7e9174e1b11fdccd21285d21c23be

SHA512
9154090e2e8b8bdbc582b773720f58f495d444471590f0da14353cbcb49aa1bc6d736b3a0f902a003feed6373a8e7f22c5ce1ddccea5399db6ed3c15feec448b

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
928dadf5f47d70ddacf680c2a0b5d72a

SHA1
74bbfe46839bb0d9b5c257b6eb6964b6931de1a0

SHA256
78c75c2ee889c84a2bd2dbfc0fe2527d982c00e9d69574ff436c84a44f367f4e

SHA512
c5b0175ee92cf536a0999f4755bb4ad06dd55d8b95c4c2ab90d3b31e3824c1d01bc84c9142f287597dfd4dd86693adf23057f30595cdaddcfefceb6c2f6c0486

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
c51e119e9b3de39afcec1295e36f8143

SHA1
2714f5ae5035d30a829d2e1b8101c9f9ff55e1b5

SHA256
cf8e1055f5b20373c5be84bef57735e32ccdfe80475c72786c37805e3c6eb504

SHA512
992e87cb009ea3fb66fd392e794a71bd6f9986c610eae839d5c1441bdedcbdb880ec271f69d7505e2bd223e0e1e361dd8d29779c13848e19a3a86fe09466cc9b

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat

Filesize
1024KB

MD5
2b450504ed37bdaf773ca30267f27e6b

SHA1
30ced55bd15be947adbf7452fa6cc46172e983f1

SHA256
ba3eb31efe37bf874dfb9106fdd5742c66b320be9953186d034f89f8a912359b

SHA512
640270b1e75a522fab23a4725bb3e31a207574a419922c5848717b7ff217999c20b2298461eaf0d66f29167e86774ec0a01d4dbab03da545448546889ae13d2b

Download Submit
C:\Users\Admin\AppData\Roaming\Dogecoin\database\log.0000000001

Filesize
1024KB

MD5
658febe2895469280ab23612db921a10

SHA1
837f78fbbb0f37509ba20c84dd0c1d1f96405979

SHA256
50be92195020a1079149cde10260f2ee88c9507b7aecc9b51ba41516b935504e

SHA512
e5c8b85b281360bb9e9ed9aeea98a614ed162e31d94bec3837c8122a7751c1efcb1ec50555260ee7852aa79680ec40532aba108c8d0e8b3f09efc481a8b1348d

Download Submit
memory/1728-266-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-265-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-256-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-651-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-684-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-685-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-686-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-687-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download
memory/1728-688-0x0000000000BD0000-0x00000000016B6000-memory.dmp

Filesize
10.9MB

Download