General

Target: Loader (5).exe
Size: 57.1MB
Sample: 240603-ktzz6aag89
MD5: c12013d17f01ef9a015b63ae4a65d84f
SHA1: 918c739e9c01b4f4fc50cf0eb68e1f9b9a30c181
SHA256: 0a4e61dae85bb2e377d32606468328a61c693734bd089149c69dafaa5ff23975
SHA512: 386b2ce64bda7b122cc9430133ad2b57dc616176a7e6e6d03c396c2dea5f3b452f69d0fefa90001170085f5081dcbd59b84441594bc1f14fa42a051988db3a0b
SSDEEP: 1572864:enVoaHQIiM0l2jV+vTSO1iDUfCD4bj3m/ot+J8ct:I32M0++vmJDQ+JOct

Static task: static1

Behavioral task: behavioral1
Sample: Loader (5).exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: Loader (5).exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: Loader (5).exe
Score: 10/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (1)