Overview

overview

10

Static

static

10

dogecoin-1...li.exe

windows7-x64

3

dogecoin-1...li.exe

windows10-2004-x64

3

dogecoin-1...nd.exe

windows7-x64

10

dogecoin-1...nd.exe

windows10-2004-x64

10

dogecoin-1...qt.exe

windows7-x64

10

dogecoin-1...qt.exe

windows10-2004-x64

10

dogecoin-1...re.exe

windows7-x64

10

dogecoin-1...re.exe

windows10-2004-x64

10

dogecoin-1...ll.exe

windows7-x64

7

dogecoin-1...ll.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    299s
  • max time network
    298s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dogecoin-1.14.9-win32/daemon/dogecoind.exe

  • Size

    10.8MB

  • MD5

    bd105bf449a53559a1f03bc3cee01201

  • SHA1

    beb01382e4f15f3ba0073816dcefdec05206bf6a

  • SHA256

    a2ea0f21d7b418869651c791d8973c983cca3964aee225d03fbf9d72a2a18b31

  • SHA512

    8d8605bfa802ea1bc491e1a9a63b7d01ac73f45b9e29777aacdc0d82fa85d7a6100b53b3ab6fe83c110444ef7e391e6f9b502b3c2f78da96918156b93135a060

  • SSDEEP

    196608:6rGbOYFXKiN8lytROoQIv+vaMiYYkO1KNT7muZemqBFrKUr8920vqb8i9lpmP5sM:f1XKAQ8CzKuZenbZLbXuHSb4AjbfMkpq

Score
10/10
aresloaderdiscoveryloader

Malware Config

Extracted

Family

aresloader

C2

http://127.0.0.1:22555

Signatures

  • AresLoader

    AresLoader is a loader and downloader written in C++.

    loaderaresloader
  • Aresloader family
    aresloader
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\daemon\dogecoind.exe
    "C:\Users\Admin\AppData\Local\Temp\dogecoin-1.14.9-win32\daemon\dogecoind.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1384
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2924

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\blk00000.dat
      Filesize

      16.0MB

      MD5

      4075d37e89cb459b924866989ab93bdb

      SHA1

      c77ed7391ddbe34224b79155f83dcd26a51b3842

      SHA256

      d6f11c85f56bcb64e24f2f4d6941c73975c83263bd393c2c77a90c4259ebc8e2

      SHA512

      f72a3c4f541c42e103d7cfa9e13de28827c46ea24b29b041e3a60827c4083cbb60316c07262e70d2649330198383a361aaf5d51e4300a76b25162f3350272e0d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\index\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      7b15cbb0d0fbbbf02c78679a2175eabc

      SHA1

      a54de459d94f69227c5cf357b6adca85429e2659

      SHA256

      d4b64644d1d943dde056686c28691d65b8ac7dc9dcc81755b07fa0390d47d29d

      SHA512

      bf728472bc6161a67bf72a101c3a0ac09e57cd0ac8c520f97f5e6404df6249f726ec7fd8b3d363fa1a9fa47ce3c9843aed431dc18fb0ecd362ebcd408f609132

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      928dadf5f47d70ddacf680c2a0b5d72a

      SHA1

      74bbfe46839bb0d9b5c257b6eb6964b6931de1a0

      SHA256

      78c75c2ee889c84a2bd2dbfc0fe2527d982c00e9d69574ff436c84a44f367f4e

      SHA512

      c5b0175ee92cf536a0999f4755bb4ad06dd55d8b95c4c2ab90d3b31e3824c1d01bc84c9142f287597dfd4dd86693adf23057f30595cdaddcfefceb6c2f6c0486

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      c51e119e9b3de39afcec1295e36f8143

      SHA1

      2714f5ae5035d30a829d2e1b8101c9f9ff55e1b5

      SHA256

      cf8e1055f5b20373c5be84bef57735e32ccdfe80475c72786c37805e3c6eb504

      SHA512

      992e87cb009ea3fb66fd392e794a71bd6f9986c610eae839d5c1441bdedcbdb880ec271f69d7505e2bd223e0e1e361dd8d29779c13848e19a3a86fe09466cc9b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      d137a538f5fe0c6fd3f42af18c3560be

      SHA1

      8b7376c33c0d61494127d56008477e4f7cea5a0a

      SHA256

      92bd724e232cd8f68da078c4903778e2ae5e0e631ec372ac2cd9d39fd7e91a76

      SHA512

      02a776ffce6468f8df2647fdc861f413fc9cbb31d496a651ef0b7a2009f166777e86c8e459cd29e9af164ab049ea2c2d3a706524129f510d5491635432b12ce1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\blocks\rev00000.dat
      Filesize

      1024KB

      MD5

      10cc7864a91a364ad279702205095f22

      SHA1

      b2857d406bf279496de445f15f590c927383f550

      SHA256

      28b25e4c6ea3cfc26e26624b4f29ec6283f70d49ad59186522423f8a4e6a9b32

      SHA512

      19bfaf4b5a47f35a157ab87d21557b848d0b11095f3c7e13c9b8c5be2a7d085e16bf2c9afa2cfd3ab2be14f357a605004a1d2a1b7c33d2566255be9c32564c7d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\database\log.0000000001
      Filesize

      1024KB

      MD5

      cc9ac3dc239bbb7280b026bbb59455a3

      SHA1

      bb505d8e9f5d7fcb905d3e4c63d6c6009bc4039a

      SHA256

      df76a9bc5965d09cf67f5e1c59695ce3a4c946fa2436b59409face480964a56d

      SHA512

      e550a6bc1b3b42ee7f3f81e2f84685dd692bebacb8ce5aba6a253dbe14e6b11a8ff432609128a8b387d5395c2c09f285b752d2945d5bfd19bff830965b64d92f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Dogecoin\wallet.dat
      Filesize

      16KB

      MD5

      bc750e086eb72647c09fc707dee8a79c

      SHA1

      5df7f3ee5599d22224eddd2ed4fec5661bdc2371

      SHA256

      976dd8e70d1d1959a52cb30d46ad1a2aa5a10efd816ae34d11df9116f9c34c69

      SHA512

      bba93f33b035cfd9432c5f79a0924f5e65d13f18a5af7c3fb65887033007054c1573bb31c2c9de2b4f9d8eedef0446e45a3539c5385c9a08fdbcd79b62804f04

      Download Submit

    • memory/1384-271-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-790-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-275-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-273-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-272-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-340-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-270-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-269-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-268-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-260-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-565-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-274-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-1081-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-1370-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-1723-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-2012-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-2141-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-2624-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-3410-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-4108-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-4118-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-4281-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-4292-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1384-4295-0x0000000000FB0000-0x0000000001A96000-memory.dmp

      Filesize

      10.9MB

      Download