General
-
Target
Loader.exe
-
Size
21.2MB
-
Sample
240228-zyy1zsea52
-
MD5
641724e3d8211104be31438b62dc7d15
-
SHA1
114e784ccc74babf9590583bff1e1e83e8929bb4
-
SHA256
569542c9e1cc03c6e2482db365581e60c94f6fae7e130059ecd6fd4e1501ac2d
-
SHA512
5fc3562e2b0483f9c6ca6b16586d9f15b585b692f98c7547f3ce087114e9c8bb35e7a2d54e0e788489573ebf405650104c8ebf377baddc3cbacc8321916eeb2f
-
SSDEEP
393216:FBKR69QxEl93SQh6mn7tG+vp2jbKmMQL8NGm10C9REV6f01Serw2ngtTV:LKIsGj6CRGu23MBGm9wXzngT
Static task
static1
Behavioral task
behavioral1
Sample
Loader.exe
Resource
win11-20240221-en
Malware Config
Targets
-
-
Target
Loader.exe
-
Size
21.2MB
-
MD5
641724e3d8211104be31438b62dc7d15
-
SHA1
114e784ccc74babf9590583bff1e1e83e8929bb4
-
SHA256
569542c9e1cc03c6e2482db365581e60c94f6fae7e130059ecd6fd4e1501ac2d
-
SHA512
5fc3562e2b0483f9c6ca6b16586d9f15b585b692f98c7547f3ce087114e9c8bb35e7a2d54e0e788489573ebf405650104c8ebf377baddc3cbacc8321916eeb2f
-
SSDEEP
393216:FBKR69QxEl93SQh6mn7tG+vp2jbKmMQL8NGm10C9REV6f01Serw2ngtTV:LKIsGj6CRGu23MBGm9wXzngT
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Defense Evasion
Impair Defenses
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1