General

  • Target

    Loader.exe

  • Size

    19.3MB

  • Sample

    230628-dtwjeagb78

  • MD5

    43056f8400419be5426d7fed2105bdf2

  • SHA1

    599f89d800c4d5dad31eb2a3a26764f20b7f70f5

  • SHA256

    a197539d7829e12ddcdc957e9fab08c2c533886676fded1e74941fa2d4cfb27a

  • SHA512

    c96a34261444834fa8e98bbf242991c644170f6f64c6feeaadb650a896ecf6a9417bc6c682b507c1f9281c22a91e2dfe6533206fe0d2386281aff6c0dc75d0c7

  • SSDEEP

    393216:QwbUeEyza3TYaTp/T9tqge+hm3opejKUhycoQINsjaRJybBnKB6:fHoT9Tp/337hmGcKUMZQjJFQ

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
