716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5 | Triage

Sharing

General

Target

Loader.exe
Size

12.9MB
Sample

240809-gwvxfa1dpd
MD5

d92cf3066f5aba8a9d66d10af47e2d95
SHA1

8e7d9ea4003c86cbea43ccf976d5a28da1706fe4
SHA256

716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5
SHA512

0621650cab23dfffbfe6877f42f04317bd3508bf3426900a0f479cf84d6d399cff371ebf90a567c1fc740ed7ac8dd0fff326067f404ecc70826faf86b5b6252d
SSDEEP

393216:8kR/hpScfBpGKfqkyDUTf4XOXBKEywJoNCDnKiY2Hhay/FxaUwHI:8kU0C+ykfh83wJoNmKbGb/2vI

Score

9^/10

evasion execution persistence trojan

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  12.9MB
- MD5
  
  d92cf3066f5aba8a9d66d10af47e2d95
- SHA1
  
  8e7d9ea4003c86cbea43ccf976d5a28da1706fe4
- SHA256
  
  716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5
- SHA512
  
  0621650cab23dfffbfe6877f42f04317bd3508bf3426900a0f479cf84d6d399cff371ebf90a567c1fc740ed7ac8dd0fff326067f404ecc70826faf86b5b6252d
- SSDEEP
  
  393216:8kR/hpScfBpGKfqkyDUTf4XOXBKEywJoNCDnKiY2Hhay/FxaUwHI:8kU0C+ykfh83wJoNmKbGb/2vI
Score

9^/10

evasion execution persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Creates new service(s)
  persistence execution
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionexecutionpersistencetrojan

behavioral2

evasionexecutionpersistencetrojan