Overview

overview

9

Static

static

7

ORBIT_LOADER.exe

windows7-x64

9

ORBIT_LOADER.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    ORBIT_LOADER.exe

  • Size

    5.2MB

  • Sample

    240517-appcragg89

  • MD5

    ab8ea4e8d3ec08f836a35ce25fd10148

  • SHA1

    f459d4004f694eec36c7ade7cf299cf5dab106df

  • SHA256

    81c663919ce3e73d308b36ca891c020b24fdc554f38c6bfabeaacf75774d91fe

  • SHA512

    9a57db2b6749862b42f1d1589765911ba42835d8165e17224af2b75e7252c15a59845a465e35f041f3d74a68602969120d8a829e250e6f8a1170dac6372f559b

  • SSDEEP

    98304:gAdadD3IL5UcY7GlU3iI2IKGK3pPGmAOLkOfAchCjtOGBdGe84BHRIbBkC3:gaoD3xRqlpIDKGK3pGmmOa1mn4BHNC3

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      ORBIT_LOADER.exe

    • Size

      5.2MB

    • MD5

      ab8ea4e8d3ec08f836a35ce25fd10148

    • SHA1

      f459d4004f694eec36c7ade7cf299cf5dab106df

    • SHA256

      81c663919ce3e73d308b36ca891c020b24fdc554f38c6bfabeaacf75774d91fe

    • SHA512

      9a57db2b6749862b42f1d1589765911ba42835d8165e17224af2b75e7252c15a59845a465e35f041f3d74a68602969120d8a829e250e6f8a1170dac6372f559b

    • SSDEEP

      98304:gAdadD3IL5UcY7GlU3iI2IKGK3pPGmAOLkOfAchCjtOGBdGe84BHRIbBkC3:gaoD3xRqlpIDKGK3pGmmOa1mn4BHNC3

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks