General

  • Target

    Loader (5).exe

  • Size

    57.1MB

  • Sample

    240603-ktzz6aag89

  • MD5

    c12013d17f01ef9a015b63ae4a65d84f

  • SHA1

    918c739e9c01b4f4fc50cf0eb68e1f9b9a30c181

  • SHA256

    0a4e61dae85bb2e377d32606468328a61c693734bd089149c69dafaa5ff23975

  • SHA512

    386b2ce64bda7b122cc9430133ad2b57dc616176a7e6e6d03c396c2dea5f3b452f69d0fefa90001170085f5081dcbd59b84441594bc1f14fa42a051988db3a0b

  • SSDEEP

    1572864:enVoaHQIiM0l2jV+vTSO1iDUfCD4bj3m/ot+J8ct:I32M0++vmJDQ+JOct

Malware Config

Targets

    • UAC bypass

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Creates new service(s)

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks