Resubmissions
02-08-2024 21:46
240802-1m17mswere (score 10)
General
- Target: Loader.exe
- Size: 80.8MB
- Sample: 240802-1m17mswere
- MD5: 93e39aca43080a3a84a6e7a492b586a7
- SHA1: eee096dcfba81e22bd3422243fef9705e0d9cd9c
- SHA256: 6fdf6a1447279d9126829e279c7153d13c4e34312d5b74b1a66791f78535bac7
- SHA512: e6f4b383d76f640cc6f5c59367af3719bd13c8cb609dfc511561eef7813fae62d640c8e24b4f4fc0c8242d9efed4a2e02244309be37f1ddd71a6f464a12714d7
- SSDEEP: 1572864:NFh7vHcRltSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW47jzux3a/Z9U:3h7vHcRLSkB05awcfhdCpukdRna49U
Behavioral task
- behavioral1
- Sample: Loader.exe
- Resource: win7-20240704-en
Malware Config
Targets
- Target: Loader.exe
- Enumerates VirtualBox DLL files
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (2)