18b7e51b0f80744208e78cdbdc707e5b8467991af8bdea3c47f3ee25ad864277

Sharing

Copy URL

Twitter E-mail

General

Target

LoaderV6.zip
Size

15.2MB
Sample

240720-1cmlhaydqq
MD5

273e74c7c8e4fefcafca7ab2c634fef7
SHA1

9a01e91e93cef5c77de8c70b8ae80da15a540fff
SHA256

18b7e51b0f80744208e78cdbdc707e5b8467991af8bdea3c47f3ee25ad864277
SHA512

d3f788e51d165b72ebf9c46a3463dd594df308bc199a8f70db25945450ab0c5da3cb1aeffeb6cf9f46f323150bd4d5d660fefd054fed956a5b491dd21e228277
SSDEEP

393216:wjdAJ/kHfMO2/w1kBY8l5aFEYF/pAYfxXaI+vQkXLLcDlE610Cgr:wjKsHfMO2/wBFFF/pAYfR0vQk8DlN0Nr

Score

8^/10

Malware Config

Targets

- Target
  
  LoaderV6/Additions/wmpnetwk.dll
- Size
  
  32KB
- MD5
  
  8cd455334b6cdd06beeeb898e1e83052
- SHA1
  
  e104ab973744bac982efa50f055a5a45daed2aee
- SHA256
  
  5270f60d90a15ce9d728c328495fb714daa1267a7363a70225badfa252a38ad0
- SHA512
  
  922f329f32d935946490cb7ff409689f2c2610fd09efe7e9e095a6e10aee838dde585aa6cbc4e816c42c7a61aa989daf3633edd553ed4a355d7eed6225091859
- SSDEEP
  
  192:400xT+MOj4Edw+bRFCPkzMTYEwdwbFS33eWTqa2ilecbAvyv/PjxNlMopnTXmCly:400xvnyK9EN5VlVECXIWeF
Score

1^/10
behavioral1
- Target
  
  LoaderV6/Additions/wmpnssci.dll
- Size
  
  4KB
- MD5
  
  ceb507d981f24eab435ac247a5493dc2
- SHA1
  
  2224b6607b84063173edece209ded693d6f3471c
- SHA256
  
  1c443783d20272e22ef0e2acc0d4ca26ad8623c600882354c4849534b6d8737d
- SHA512
  
  53a9de578985de120a886fbfb0d6a883518b302fbe3d2ae3b8cb4f884578ea644083cff9da88502ca74ffebd46804a5d5bdce2e06f28f146354ad7db3d6bbc46
- SSDEEP
  
  48:yLfpRyfGaEXFvHxKgXk4WTPXQ4utDBbZWqC+2zLI634b6tmfx3gr:SHyfGB1HHU4WTfQ4s9Wh34b6yo
Score

1^/10
behavioral2
- Target
  
  LoaderV6/Additions/wmpnssui.dll
- Size
  
  3KB
- MD5
  
  2644bd70bc685b362cad6e6ab65e038f
- SHA1
  
  46682b4d2fd9e3863c3aaeae000e25ad8ab48825
- SHA256
  
  7b7aa6c204b30808b4ae323931bf340c08c3ddeedc10d836a57e80ac3d67e404
- SHA512
  
  f95ddf830d9efb0c2eea09d10642a7a144259aa609638b33fb667099021d6676e4e0021e5d32a216cbaa23b35a8ebe25cb99cc5a89a8acb53704a7c79c98eedb
Score

1^/10
behavioral3
- Target
  
  LoaderV6/WMPNSSUI.dll
- Size
  
  21KB
- MD5
  
  95111e3aeba84c3dcf05d3dc25a15d30
- SHA1
  
  1539f1e3e76912d02adaac29f8d83231db62dbd3
- SHA256
  
  9887affa2d6eac2ae68dda60af3b9b25ba3cedd00e0861e1e57df5d017146f8a
- SHA512
  
  7547f83181fa2ef6e51923a1475286f571e8f87db7c893c8f86d249ec34eea71eae8cd224f1c05b172153309f8d507d3ac33ec85a6d14a07f80029890174c6b3
- SSDEEP
  
  384:mAFLVVeK3Xvv3IglWAduY4UczbX4q7zqhsA0+/NWapW:ZpvjXnIGY6Q+/v
Score

1^/10
behavioral4
- Target
  
  LoaderV6/loaderV6.exe
- Size
  
  52.5MB
- MD5
  
  4efe5b34754a7b87e7a2fb46664fb245
- SHA1
  
  7a2ffeac89d92fb0fb987cb6b284133e41a1e666
- SHA256
  
  88f6b132a2f2f4bee053e521ca9a212bca12ed681b223ad615d4263c976e152c
- SHA512
  
  a090deac29ae7aa7baf6411d1eef6121f5fdf09eb3d14f57f2b7e1f1f56859a70d12019234055c74df6e339081529c670bdf035c728244435ea8830b2d6f6b14
- SSDEEP
  
  393216:3T6KLdGUHM9yCKxECB54r6X9eDQrps7p6Y:3T6edGUs9yLEFy+sY
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral5 behavioral6
- Target
  
  LoaderV6/mpvis.DLL
- Size
  
  186KB
- MD5
  
  e7dd6c9ed6db46b3d35cafaa4b7f640e
- SHA1
  
  2d65eefdfa5e71afb82c78bf4b264e87db91b958
- SHA256
  
  6edf856747573fc15433c0923efb93c3ebc29bb5957b373cbb798998381d9d4d
- SHA512
  
  828cf56539c5d2a8e10564c02cdef3a34781787e9414747ad87472b98997843be4e2007ed1aa22f013de0c445b5a9e8fcac8ef85a51df7bed5725f3881cea50d
- SSDEEP
  
  3072:eGGQ8wInYIcRSqMnAzvJC8KBoOGefHFcYBqI1r0flW/9YzG6:eC1InY9UqMAz4brxo4U
Score

1^/10
behavioral7
- Target
  
  LoaderV6/wmpnssci.dll
- Size
  
  497KB
- MD5
  
  e4c5664db410d83a28413aaf29103c5d
- SHA1
  
  3c46a8465acd8ed799e0bfe772b4b3f40cb5a2ce
- SHA256
  
  86cdcc390dd5deace354910bb5ef02843068fdea29a6552b2b0b3737b1f632dd
- SHA512
  
  a8564ed391be37b3bc046e57ccfb1e66c1bf95b6d2b0c7607636452dc69501888759316e3c0385042017617c7c8aec47bb2975e384057f2f7f0010866a11e02d
- SSDEEP
  
  12288:BdTAIUINc5k+JF1JuN4ULTua1BDllfMo88s9Of4:BCIcW+J/+TF1Honr
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Maps connected drives based on registry

Checks system information in the registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8