Behavioral task
behavioral1
Sample
1404-55-0x00000000002C0000-0x0000000001324000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1404-55-0x00000000002C0000-0x0000000001324000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1404-55-0x00000000002C0000-0x0000000001324000-memory.dmp
-
Size
16.4MB
-
MD5
a40922a0817209921c662b4bc780074b
-
SHA1
284b40820d81280fa938c6c76dca15b712fb8813
-
SHA256
5f9a1acbfa17eca5ded815ac04fed1a4a60f5a098363633ef005a77497e5640c
-
SHA512
7796e69eed7adb0bb676e759cd36bd64734e3ff32cd27abe16f628afe38c1b91223ff529605d4ed65d63dc618cbe33590902edf7ecf23dbed7994f028c1251bb
-
SSDEEP
393216:ZuEKRCaqXnU6lzje+CtrDXXTUPSPS4JTZ/wJ3cip8b96:ZuLqXWTZ8DKbE
Malware Config
Extracted
loaderbot
http://92.204.173.86/cmd.php
Signatures
-
LoaderBot executable 1 IoCs
Processes:
resource yara_rule sample loaderbot -
Loaderbot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1404-55-0x00000000002C0000-0x0000000001324000-memory.dmp
Files
-
1404-55-0x00000000002C0000-0x0000000001324000-memory.dmp.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE