77dc213ba8d1c31a3dcffb1195716a68ba077392f1ed0d9c9dd2c38dbb229458 | Triage

Sharing

General

Target

Loader.exe
Size

20.9MB
Sample

240713-ln8ksawblr
MD5

0d69a0c8a36cb686c159ef0da8e736be
SHA1

1257ed7d6cbc48ee0e3fe927af91c33db334c03a
SHA256

77dc213ba8d1c31a3dcffb1195716a68ba077392f1ed0d9c9dd2c38dbb229458
SHA512

b4d8b5a780189ec245ca3270f5aae6114406ac37d5dfc453e202323fc321956b1d11b92c361787440f02295d4f6d180aa1b69b0a18959127d76106bc5f5cd575
SSDEEP

393216:EhUhQ430ckp6baE15lkv/okhuIeOF87iaf5314kpYL8iAh2dhdzGoIfqsA:EyhQI0d9E15ivO8ylYLFh+CB

Score

9^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  20.9MB
- MD5
  
  0d69a0c8a36cb686c159ef0da8e736be
- SHA1
  
  1257ed7d6cbc48ee0e3fe927af91c33db334c03a
- SHA256
  
  77dc213ba8d1c31a3dcffb1195716a68ba077392f1ed0d9c9dd2c38dbb229458
- SHA512
  
  b4d8b5a780189ec245ca3270f5aae6114406ac37d5dfc453e202323fc321956b1d11b92c361787440f02295d4f6d180aa1b69b0a18959127d76106bc5f5cd575
- SSDEEP
  
  393216:EhUhQ430ckp6baE15lkv/okhuIeOF87iaf5314kpYL8iAh2dhdzGoIfqsA:EyhQI0d9E15ivO8ylYLFh+CB
Score

9^/10

evasion execution persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan

behavioral2

evasionexecutionpersistencetrojan