Overview

overview

10

Static

static

7

Loader.exe

windows7-x64

10

Loader.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    44.2MB

  • Sample

    230901-3w4p8sac9x

  • MD5

    3717f7d447fa2e11b78085b70b4db53d

  • SHA1

    4fdceba008248c134f1ec61b16968816716b0140

  • SHA256

    cc566bd4e3bab54426f4940e6817ff0a1e0be39bfd2ece80cce4ee0c0674e02d

  • SHA512

    a6c942095ace315c77934ac2eff9f5535d992342abee31b8a2c328e694499c28ee71a3d9fb80351f9dfd62cb28c4eb73fb00563dae71f02fb6759c2c29e64ee2

  • SSDEEP

    786432:yte4pWy7IuSLAtMXnjj/o0nGsJqNdT8biIY9eZOtuhq+4J/EjXbF:yte4UuSLAiXnjj1k7gnaeZOEh74JkbF

Score
10/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      44.2MB

    • MD5

      3717f7d447fa2e11b78085b70b4db53d

    • SHA1

      4fdceba008248c134f1ec61b16968816716b0140

    • SHA256

      cc566bd4e3bab54426f4940e6817ff0a1e0be39bfd2ece80cce4ee0c0674e02d

    • SHA512

      a6c942095ace315c77934ac2eff9f5535d992342abee31b8a2c328e694499c28ee71a3d9fb80351f9dfd62cb28c4eb73fb00563dae71f02fb6759c2c29e64ee2

    • SSDEEP

      786432:yte4pWy7IuSLAtMXnjj/o0nGsJqNdT8biIY9eZOtuhq+4J/EjXbF:yte4UuSLAiXnjj1k7gnaeZOEh74JkbF

    Score
    10/10
    evasionthemidatrojan

    • UAC bypass

      evasiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks