General

  • Target

    Loader.exe

  • Size

    21.2MB

  • Sample

    240228-zyy1zsea52

  • MD5

    641724e3d8211104be31438b62dc7d15

  • SHA1

    114e784ccc74babf9590583bff1e1e83e8929bb4

  • SHA256

    569542c9e1cc03c6e2482db365581e60c94f6fae7e130059ecd6fd4e1501ac2d

  • SHA512

    5fc3562e2b0483f9c6ca6b16586d9f15b585b692f98c7547f3ce087114e9c8bb35e7a2d54e0e788489573ebf405650104c8ebf377baddc3cbacc8321916eeb2f

  • SSDEEP

    393216:FBKR69QxEl93SQh6mn7tG+vp2jbKmMQL8NGm10C9REV6f01Serw2ngtTV:LKIsGj6CRGu23MBGm9wXzngT

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      21.2MB

    • MD5

      641724e3d8211104be31438b62dc7d15

    • SHA1

      114e784ccc74babf9590583bff1e1e83e8929bb4

    • SHA256

      569542c9e1cc03c6e2482db365581e60c94f6fae7e130059ecd6fd4e1501ac2d

    • SHA512

      5fc3562e2b0483f9c6ca6b16586d9f15b585b692f98c7547f3ce087114e9c8bb35e7a2d54e0e788489573ebf405650104c8ebf377baddc3cbacc8321916eeb2f

    • SSDEEP

      393216:FBKR69QxEl93SQh6mn7tG+vp2jbKmMQL8NGm10C9REV6f01Serw2ngtTV:LKIsGj6CRGu23MBGm9wXzngT

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks