Overview

overview

10

Static

static

3

Protected_Loader.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Protected_Loader.zip

  • Size

    26.3MB

  • Sample

    210805-k8bw3njq5e

  • MD5

    41cc97b103facbb11f4041665d621178

  • SHA1

    1cced80d8489cee5c701e4ffc7223b90c2e43e59

  • SHA256

    60eab58a73721f31c107472e1dc43c3aa4353e85bc1d944574e899322f4fba4e

  • SHA512

    6eedc30b4b30d1adafda5daa3e57ead2ed95634674aa5b299bef191dcdd9b85d838ae4190c63188476dda1b655dc1bb1cbbd6ee72ee52323b52920fbcad6ced1

Score
10/10
evasionpyinstallertrojanupx

Malware Config

Targets

    • Target

      Protected_Loader.exe

    • Size

      27.2MB

    • MD5

      0356245dd29597e8ff8bf02102cf80e1

    • SHA1

      76ac5a293f7e270b14ac696de42a0eeef41f580c

    • SHA256

      40b13f8d0321974a89190652fc5c2029838a22421cfb576cdf22f893ba752f60

    • SHA512

      d22288277db2a4ebdf44a418a4a03d1196f6c2ad80e0cfb99149c63629353d6eefaaf5bb34af1aa6cb3871027a8fc62766f420696ec2a1af321a6a87053543bd

    Score
    10/10
    evasionpyinstallertrojanupx

    • Modifies security service

      evasion

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Disabling Security Tools

1
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks