Overview

overview

8

Static

static

7

loader.exe

windows7-x64

8

loader.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.exe

  • Size

    6.1MB

  • Sample

    230319-dslmtaef62

  • MD5

    84fe78739646ba71d4d5a59c1369b28c

  • SHA1

    6782776ee9200edf434912b36bb28c948fc41316

  • SHA256

    f3750c30e84074512a355f25b9cf651034dbe5f491897014121f2b5fb002952e

  • SHA512

    17e7cfbb5d3930e94fe806854529868e8e491389ee4a8a593778539aab7d98d807a38981e74a267ae1502d1470d848836ce32545d2db6df50fa1d4b1b8d20b32

  • SSDEEP

    98304:Ob+UgDy3LQGeYUN00og5W+gCch2DaWF638VyBEBMM/AVujQc:E+UgBGXG00PW+lchMaM63vBEJ7

Score
8/10
evasionvmprotect

Malware Config

Targets

    • Target

      loader.exe

    • Size

      6.1MB

    • MD5

      84fe78739646ba71d4d5a59c1369b28c

    • SHA1

      6782776ee9200edf434912b36bb28c948fc41316

    • SHA256

      f3750c30e84074512a355f25b9cf651034dbe5f491897014121f2b5fb002952e

    • SHA512

      17e7cfbb5d3930e94fe806854529868e8e491389ee4a8a593778539aab7d98d807a38981e74a267ae1502d1470d848836ce32545d2db6df50fa1d4b1b8d20b32

    • SSDEEP

      98304:Ob+UgDy3LQGeYUN00og5W+gCch2DaWF638VyBEBMM/AVujQc:E+UgBGXG00PW+lchMaM63vBEJ7

    Score
    8/10
    evasionvmprotect

    • Stops running service(s)

      evasion

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Service Stop

1
T1489

Tasks