Overview

overview

9

Static

static

7

Loader.exe

windows7-x64

9

Loader.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.exe

  • Size

    19.4MB

  • Sample

    240909-sxpmlaxfrg

  • MD5

    b0e9695947a18901349ca0dd41521f01

  • SHA1

    24dcad88b3a36e1ce145ba769702b00a2ea82738

  • SHA256

    eecc62ff3146dfefda210a2b171e8cadccd3fae591664d14f6c1050f2276e4bd

  • SHA512

    fe0793394c85845e75a852dbb65898f97659b09c340068d954235e4fc98909ff09b1a0adac17ddac03d5b9262b815af2d27a06af5892198220e1eacced159108

  • SSDEEP

    393216:gDI5Bw8g+wwmMQYx16YTnxoOmkEYYe5HVOvNMuPNCEBbRVOqzW:wI5BwDwZQYxxoGpVOvuuPNCcNVQ

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Loader.exe

    • Size

      19.4MB

    • MD5

      b0e9695947a18901349ca0dd41521f01

    • SHA1

      24dcad88b3a36e1ce145ba769702b00a2ea82738

    • SHA256

      eecc62ff3146dfefda210a2b171e8cadccd3fae591664d14f6c1050f2276e4bd

    • SHA512

      fe0793394c85845e75a852dbb65898f97659b09c340068d954235e4fc98909ff09b1a0adac17ddac03d5b9262b815af2d27a06af5892198220e1eacced159108

    • SSDEEP

      393216:gDI5Bw8g+wwmMQYx16YTnxoOmkEYYe5HVOvNMuPNCEBbRVOqzW:wI5BwDwZQYxxoGpVOvuuPNCcNVQ

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks