General
-
Target
EXPENSIVE LOADER.exe
-
Size
1.3MB
-
Sample
230924-qwaqyafd8s
-
MD5
bfb9334833749790c0df81ab1489c5a9
-
SHA1
b38e3080dfb1d35ae303b9f0c14a7cf12621de7c
-
SHA256
cc16768fe66b11c07282c6d5d543701b85b283a44de51fdd4a9bd2a014f37b68
-
SHA512
e41a66d9932f7853c9015ef0361cfbf4702a31d356e97dae1fb9ece085b808cac0e9a5d6d70a2763d08b3f940aacc074181bae6755077933d97f9a92b93c65d1
-
SSDEEP
24576:bw3SBs2Mhfs2OcpIi5aO9z1dn7Az8Zk61NlPXYpky7vKCB/nO:E3P2MhkPTaz1tswiKPXYpkyjKCB/O
Static task
static1
Behavioral task
behavioral1
Sample
EXPENSIVE LOADER.exe
Resource
win7-20230831-en
Malware Config
Targets
-
-
Target
EXPENSIVE LOADER.exe
-
Size
1.3MB
-
MD5
bfb9334833749790c0df81ab1489c5a9
-
SHA1
b38e3080dfb1d35ae303b9f0c14a7cf12621de7c
-
SHA256
cc16768fe66b11c07282c6d5d543701b85b283a44de51fdd4a9bd2a014f37b68
-
SHA512
e41a66d9932f7853c9015ef0361cfbf4702a31d356e97dae1fb9ece085b808cac0e9a5d6d70a2763d08b3f940aacc074181bae6755077933d97f9a92b93c65d1
-
SSDEEP
24576:bw3SBs2Mhfs2OcpIi5aO9z1dn7Az8Zk61NlPXYpky7vKCB/nO:E3P2MhkPTaz1tswiKPXYpkyjKCB/O
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks for any installed AV software in registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
2Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1