Overview

overview

9

Static

static

3

loader_protected.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader_protected.exe

  • Size

    2.0MB

  • Sample

    240707-zb5v1sxglm

  • MD5

    7dff54fe1abbe3f1bb504488d31b7e9d

  • SHA1

    83c2cb75f52dd3b8deb2f34e2171ddd315328010

  • SHA256

    c7a583d26fdaa85b0a2e552a235e8fefc4dbdbb70f62265e67b84e76e475555c

  • SHA512

    4173efed27bfdeff820eb0a42b0756359046028865dbef998b94c81927d9c3c2437ff6a69ffd374df86bd2fc05de3461b830c214e3d85cc5420326751b844ae9

  • SSDEEP

    49152:GRzeXhAkqP97fBP/HZkt3gLDFZ52oGrDov:GRzyAT7fcmZ52okDG

Score
9/10
evasion

Malware Config

Targets

    • Target

      loader_protected.exe

    • Size

      2.0MB

    • MD5

      7dff54fe1abbe3f1bb504488d31b7e9d

    • SHA1

      83c2cb75f52dd3b8deb2f34e2171ddd315328010

    • SHA256

      c7a583d26fdaa85b0a2e552a235e8fefc4dbdbb70f62265e67b84e76e475555c

    • SHA512

      4173efed27bfdeff820eb0a42b0756359046028865dbef998b94c81927d9c3c2437ff6a69ffd374df86bd2fc05de3461b830c214e3d85cc5420326751b844ae9

    • SSDEEP

      49152:GRzeXhAkqP97fBP/HZkt3gLDFZ52oGrDov:GRzyAT7fcmZ52okDG

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks