507290d62e5cdc13a9bee4306461d9c8fa07d7fb9facb3591c667a6b07df8b3d | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Loader.exe

windows11-21h2-x64

9

Sharing

General

Target

Loader.exe
Size

6.8MB
Sample

240721-3vygts1cqg
MD5

780919d2cf05e82da80292f5539f1386
SHA1

9ea29b7e44f6e3536490f75e0332470b55a5e901
SHA256

507290d62e5cdc13a9bee4306461d9c8fa07d7fb9facb3591c667a6b07df8b3d
SHA512

574f0f1af4f82bf7d18eef0dfb48d4ccf48462a17a871e4df49043cd1a9f7e4ebc7d9239d7380cde3d2a4b585b4c2440a7874128b4e71b714c2b3c9ee5598625
SSDEEP

98304:yPdQEoX5wRgUYkeFQHgbuy195Tb2qC1P9BU0HYC8vjDRM26w3vCYsDsc7CcU:Y+aRgOAS5q+PPc16iCYsDX7CcU

Score

9^/10

discovery evasion execution themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win11-20240709-en

discovery evasion execution themida trojan

windows11-21h2-x64

36 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  6.8MB
- MD5
  
  780919d2cf05e82da80292f5539f1386
- SHA1
  
  9ea29b7e44f6e3536490f75e0332470b55a5e901
- SHA256
  
  507290d62e5cdc13a9bee4306461d9c8fa07d7fb9facb3591c667a6b07df8b3d
- SHA512
  
  574f0f1af4f82bf7d18eef0dfb48d4ccf48462a17a871e4df49043cd1a9f7e4ebc7d9239d7380cde3d2a4b585b4c2440a7874128b4e71b714c2b3c9ee5598625
- SSDEEP
  
  98304:yPdQEoX5wRgUYkeFQHgbuy195Tb2qC1P9BU0HYC8vjDRM26w3vCYsDsc7CcU:Y+aRgOAS5q+PPc16iCYsDX7CcU
Score

9^/10

discovery evasion execution themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionthemidatrojan

© 2018-2025

Terms | Privacy