loaderbot

General

Target

4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
Size

14.3MB
Sample

240516-ycqxtada2s
MD5

4cbc50b0f7d5bd24c6f9ab3139af9e39
SHA1

53d1fd3d74c547cfe5af27dc887783cc4b21339b
SHA256

619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2
SHA512

915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea
SSDEEP

393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f

Score

10^/10

Malware Config

Targets

- Target
  
  4cbc50b0f7d5bd24c6f9ab3139af9e39_JaffaCakes118
- Size
  
  14.3MB
- MD5
  
  4cbc50b0f7d5bd24c6f9ab3139af9e39
- SHA1
  
  53d1fd3d74c547cfe5af27dc887783cc4b21339b
- SHA256
  
  619af4a455d2f08be2d92d5d59fbd3737278b8746a6162d995be1263eea9add2
- SHA512
  
  915f5d0073bf853786ae55535e3f4e1df168c2cb9ab8df4e3f7691fbfbb5831fb0edd21eef5442389117292fa982001454a54fb8e4b95c89df160ea0067078ea
- SSDEEP
  
  393216:uSgdVRLcqFuq7Oy0o2ZYcfQZgHO5FU+2JNFOwNreA6F915:uFDRLkg0o267GS2JnO0rfq9f
Score

10^/10

loaderbot xmrig loader miner persistence
- LoaderBot
  LoaderBot is a loader written in .NET downloading and executing miners.
  loader miner loaderbot
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- LoaderBot executable
- XMRig Miner payload
  miner
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $1/1337/Alexandr.exe
- Size
  
  3.1MB
- MD5
  
  7afcb8667f1ec33f0cc084936a8a4044
- SHA1
  
  a2755123f3515fbfcbd5b1ab38c22fa757b8afa8
- SHA256
  
  2304cf3b3d0753318d60c2769c535a164d5f56ee0343c59ac616036d95e8ad71
- SHA512
  
  bc04b81c01df03b360c225709d2db3078d1fb45fc2a67713f5f5154d050c71e241c2c7590f510d9f7ac3a0a4bc820b3b171d96cb56d23c0496df184e527162b8
- SSDEEP
  
  98304:A5aFQWMH0wPoBn1ZPBIjKNMxCSz4Rg4MuykNt:A5aF1MHropPDuhg3z
Score

7^/10
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $1/1337/ExtrimHack [free][17.08.2020].exe
- Size
  
  11.3MB
- MD5
  
  74541b23f5f5c2d86616bea5497db51f
- SHA1
  
  34d9f8cfbbe0999dd016e32ac4015cbcd127fbdc
- SHA256
  
  20b6d5a91f896f10a868a95adf50c1710c6a44d841a565bd15ec64fad809449c
- SHA512
  
  8289d9fba78a9143b8baabde22a083ab1384ff03c36791f80cdd7fac056bcec0ecfd46a7264492b4fce25ba1d2d90784619a1da0f72cb1e759dab806b3286d13
- SSDEEP
  
  196608:upuMlcqs/RrpLiCnx6pyC9lkfVxUi5bb4AJyMw5u+KWDt51ZyvVh8tEHtnCY8MxT:CuQcqs/RrpLvnEgC9laDbVr6KM5yVh8E
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  2ae993a2ffec0c137eb51c8832691bcb
- SHA1
  
  98e0b37b7c14890f8a599f35678af5e9435906e1
- SHA256
  
  681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59
- SHA512
  
  2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9
- SSDEEP
  
  192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
Score

3^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

xmrig

LoaderBot executable

XMRig Miner payload

Manipulates Digital Signatures

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

Drops startup file

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8