Resubmissions

05/09/2024, 02:25

240905-cwq62a1fkl 9

05/09/2024, 02:09

240905-clafja1drk 9

General

  • Target

    Loader.exe

  • Size

    12.5MB

  • Sample

    240905-cwq62a1fkl

  • MD5

    06ab7010e847a1c3a567c1f9e14452bd

  • SHA1

    593b4240fe2bfaa21de8a554bc93c0b5be11ab30

  • SHA256

    3c4da1db936b6a740a0701f364ccd3a5d2bcc5f3a8a934a10e68f13e829476ec

  • SHA512

    3b7be983404b18912ed844a8aac097d6156c9f957c32874e525efd17a8a0b990bbb69f33f7056d9f71c53000f46f45b5cc1506f8b76b03f6bfca8b67f4d634d1

  • SSDEEP

    393216:Pw//lRv1JAhFnEjxpXaBkdoNGhEsnYxqZVmchA:o3lyhMpXaids8RnaR

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Creates new service(s)

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks