Overview

overview

8

Static

static

8

Windows Loader.exe

windows7-x64

Windows Loader.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.rar

  • Size

    27.1MB

  • Sample

    221207-xrzylaag7x

  • MD5

    6da61a542c463d33545ad104f8f06077

  • SHA1

    fa9072cfefeb39003cb4f00ecc3271a9af653bd2

  • SHA256

    45fb58dd7ab0b71d04c6ba566dbabd5a134f8fbb4ba0df6ecb5c7bc3bc1198c6

  • SHA512

    a1c5af7d4657aa95334ea7d2a7f628f4167fab1baa1c98f5e2bd408db7c27faf21c54b0a0993c63342f2a7db9aa2ecd3547023ced98d7dc6c677f85c8c19ae30

  • SSDEEP

    786432:c5SedNJTCBRZR18RKP2PS9PLglelC5AUsqb:4XdNJ0DEKP2PS9EN5AUsY

Score
8/10
discoveryexploitupx

Malware Config

Targets

    • Target

      Windows Loader.exe

    • Size

      3.8MB

    • MD5

      323c0fd51071400b51eedb1be90a8188

    • SHA1

      0efc35935957c25193bbe9a83ab6caa25a487ada

    • SHA256

      2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94

    • SHA512

      4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e

    • SSDEEP

      49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt

    Score
    8/10
    discoveryexploitupx

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks