Overview

overview

9

Static

static

7

Loader_1.exe

windows10-2004-x64

9

Resubmissions

24/06/2024, 18:02

240624-wmnt4aycpp 9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Loader_1.exe

  • Size

    4.3MB

  • Sample

    240624-wmnt4aycpp

  • MD5

    1a4692d23e56b9bce84865501743073a

  • SHA1

    ed0ac18e6fa9bfc60cd548f48ed96c41752bec61

  • SHA256

    98191a1b44250b407896dae622506d8f4fc248f7d121aa83d4ece8e218bdcb13

  • SHA512

    202107b9bea34884a2317aa80e15d6e500429f7a97b94effc8572a52e30aa5ffbedfab50f62ed0a4993f6aaa7c4c4282a9cbd9e57699e5d00a9bbe863875d19d

  • SSDEEP

    98304:qa6qab6Yw0kjN2n0errC+72n0Y5tmholG2PvMF/D:qXqi6HL2nzrCttr1PYD

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Loader_1.exe

    • Size

      4.3MB

    • MD5

      1a4692d23e56b9bce84865501743073a

    • SHA1

      ed0ac18e6fa9bfc60cd548f48ed96c41752bec61

    • SHA256

      98191a1b44250b407896dae622506d8f4fc248f7d121aa83d4ece8e218bdcb13

    • SHA512

      202107b9bea34884a2317aa80e15d6e500429f7a97b94effc8572a52e30aa5ffbedfab50f62ed0a4993f6aaa7c4c4282a9cbd9e57699e5d00a9bbe863875d19d

    • SSDEEP

      98304:qa6qab6Yw0kjN2n0errC+72n0Y5tmholG2PvMF/D:qXqi6HL2nzrCttr1PYD

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks