General
Target: Loader.exe
Size: 12.9MB
Sample: 240809-gwvxfa1dpd
MD5: d92cf3066f5aba8a9d66d10af47e2d95
SHA1: 8e7d9ea4003c86cbea43ccf976d5a28da1706fe4
SHA256: 716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5
SHA512: 0621650cab23dfffbfe6877f42f04317bd3508bf3426900a0f479cf84d6d399cff371ebf90a567c1fc740ed7ac8dd0fff326067f404ecc70826faf86b5b6252d
SSDEEP: 393216:8kR/hpScfBpGKfqkyDUTf4XOXBKEywJoNCDnKiY2Hhay/FxaUwHI:8kU0C+ykfh83wJoNmKbGb/2vI
Static task: static1
Behavioral task: behavioral1 (Sample: Loader.exe, Resource: win7-20240705-en)
Behavioral task: behavioral2 (Sample: Loader.exe, Resource: win10v2004-20240802-en)
Malware Config

Targets
Target: Loader.exe
Size: 12.9MB
MD5: d92cf3066f5aba8a9d66d10af47e2d95
SHA1: 8e7d9ea4003c86cbea43ccf976d5a28da1706fe4
SHA256: 716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5
SHA512: 0621650cab23dfffbfe6877f42f04317bd3508bf3426900a0f479cf84d6d399cff371ebf90a567c1fc740ed7ac8dd0fff326067f404ecc70826faf86b5b6252d
SSDEEP: 393216:8kR/hpScfBpGKfqkyDUTf4XOXBKEywJoNCDnKiY2Hhay/FxaUwHI:8kU0C+ykfh83wJoNmKbGb/2vI
Score: 9/10

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger