General

  • Target

    Loader.exe

  • Size

    12.9MB

  • Sample

    240809-gwvxfa1dpd

  • MD5

    d92cf3066f5aba8a9d66d10af47e2d95

  • SHA1

    8e7d9ea4003c86cbea43ccf976d5a28da1706fe4

  • SHA256

    716713b54f0545eace341a962440705dc28a4fbaab02ee15bbf31a44d8c688f5

  • SHA512

    0621650cab23dfffbfe6877f42f04317bd3508bf3426900a0f479cf84d6d399cff371ebf90a567c1fc740ed7ac8dd0fff326067f404ecc70826faf86b5b6252d

  • SSDEEP

    393216:8kR/hpScfBpGKfqkyDUTf4XOXBKEywJoNCDnKiY2Hhay/FxaUwHI:8kU0C+ykfh83wJoNmKbGb/2vI

Targets

    • Target

      Loader.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose the hypervisor name in ACPI table keys under HKLM\HARDWARE\ACPI; reading them is a common check for running inside a VM.

    • Creates new service(s)

    • Drops file in Drivers directory

      Together with the new service above, this is consistent with a driver being installed, though the report does not name the file or the service.

    • Checks BIOS information in registry

      BIOS vendor and version strings in the registry often reveal a hypervisor or sandbox, so they are read to detect analysis environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Checks whether UAC is enabled

      Typically done by reading EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the report does not say which value this sample read.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the thread from reporting debug events to an attached debugger, a classic anti-debugging technique.
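To show what the signatures above actually key on, here is an added example (not part of the sandbox report or of the sample) that runs the same classification over a handful of constructed API-trace lines. The registry paths it matches are the standard Windows locations for each check (VirtualBox's ACPI table keys, the BIOS description keys, the Geo\Nation country code, EnableLUA) plus NtSetInformationThread with class 0x11; which exact keys this sample read is not on the page, so those paths, the trace format and the sample lines are assumptions.

```python
"""Map registry/API events onto the anti-analysis signatures a sandbox reports."""
import re
from collections import OrderedDict

# Constructed API-trace lines standing in for a run of the sample. They are NOT
# from the report, which names the signatures but not the keys it saw.
SAMPLE_EVENTS = [
    r"RegOpenKeyExW  HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegOpenKeyExW  HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"RegQueryValueExW  HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"RegQueryValueExW  HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegQueryValueExW  HKCU\Control Panel\International\Geo\Nation",
    r"RegQueryValueExW  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
    r"NtSetInformationThread  ThreadHandle=0x1c4 ThreadInformationClass=0x11",
    r"RegQueryValueExW  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",  # unrelated noise
]

# Signature name -> pattern over the normalised event text. The key paths are
# the standard Windows locations for each check (assumed, not taken from the page).
RULES = OrderedDict([
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"hklm\\hardware\\acpi\\(dsdt|fadt|rsdt)\\vbox__")),
    ("Checks BIOS information in registry",
     re.compile(r"hklm\\hardware\\description\\system\\(bios\\|systembiosversion|videobiosversion)")),
    ("Checks computer location settings",
     re.compile(r"hkcu\\control panel\\international\\geo\\nation")),
    ("Checks whether UAC is enabled",
     re.compile(r"hklm\\software\\microsoft\\windows\\currentversion\\policies\\system\\enablelua")),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     # ThreadHideFromDebugger is THREADINFOCLASS 0x11 (decimal 17).
     re.compile(r"ntsetinformationthread\b.*threadinformationclass=(0x11|17)\b")),
])

HIVE_ALIASES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
}


def normalise(event):
    """Lower-case, unify hive names and collapse repeated backslashes/whitespace."""
    text = re.sub(r"\s+", " ", event.strip().lower())
    for long_name, short_name in HIVE_ALIASES.items():
        text = text.replace(long_name, short_name)
    return re.sub(r"\\+", r"\\", text)


def classify(events):
    """Return signature -> list of raw events that triggered it (fired signatures only)."""
    hits = OrderedDict()
    for event in events:
        text = normalise(event)
        for name, pattern in RULES.items():
            if pattern.search(text):
                hits.setdefault(name, []).append(event)
    return hits


def triggered(events):
    """Names of the signatures that fired, in the order they were first hit."""
    return list(classify(events).keys())


if __name__ == "__main__":
    for name, evs in classify(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for e in evs:
            print(f"      {e}")
```

The unrelated Run-key read is deliberately included so the rules can be seen to ignore ordinary registry activity; extend RULES with further hypervisor markers (VMware, Hyper-V, QEMU string keys) if you want the same classifier to cover sandboxes other than VirtualBox.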
