Overview

overview

8

Static

static

7

Windows Loader.exe

windows7-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Windows Loader.exe

  • Size

    3.8MB

  • Sample

    230325-na5cbaee8t

  • MD5

    323c0fd51071400b51eedb1be90a8188

  • SHA1

    0efc35935957c25193bbe9a83ab6caa25a487ada

  • SHA256

    2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94

  • SHA512

    4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e

  • SSDEEP

    49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt

Score
8/10
discoveryexploitupx

Malware Config

Targets

    • Target

      Windows Loader.exe

    • Size

      3.8MB

    • MD5

      323c0fd51071400b51eedb1be90a8188

    • SHA1

      0efc35935957c25193bbe9a83ab6caa25a487ada

    • SHA256

      2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94

    • SHA512

      4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e

    • SSDEEP

      49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt

    Score
    8/10
    discoveryexploitupx

    • Possible privilege escalation attempt

      exploit

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks