General

  • Target

    LoaderVIP.exe

  • Size

    47KB

  • Sample

    241120-e7s6wawkeq

  • MD5

    5012435c76469480d209082128eb0570

  • SHA1

    2a591b192e8bb50dd0185620bedb312650cc9e8e

  • SHA256

    0aa39fb2c831b57856366e8af19debe6d999a84b01b367e1514e17540ca8e237

  • SHA512

    c27d856c0531c61e12255f37746e42706f1ae86f5a7484131915b4910d1c511823d574cd6cfb514a03cef50fcbd509dc0b829def5854999fbb3c058246166cf0

  • SSDEEP

    768:Gfp0/0uOE8XuZ+jOjBjEzzvkAnzAA+YzO4HeIYn38kpvOHwrw82rGSmOg+rGX:KC/0uOE8XuZ+jOj2zvNnzAA+YzOeY38y

Malware Config

Targets

    • Target

      LoaderVIP.exe

    • Downloads MZ/PE file

    • Checks computer location settings

Looks up the country code configured in the registry. This is most likely a geofence: the sample decides whether to run based on the machine's configured region.

    • Executes dropped EXE

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

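The "Writes to the Master Boot Record (MBR)" finding above is the one a responder has to verify on disk, because a bootkit can replace the bootstrap code while leaving the partition table and the 0x55AA boot signature untouched, so a signature-only check passes. The following is an added example, not code from the report or from the sample: it parses a classic 512-byte MBR, validates the boot signature, decodes the four partition entries, and compares a SHA-256 of the 440-byte bootstrap area against a baseline hash. The MBR bytes, the stub boot code and the simulated overwrite are constructed for illustration; the device name `\\.\PhysicalDrive0` in `read_physical_mbr` is an assumption for use on a live Windows host.

```python
"""Offline MBR integrity check (added example; constructed data, not the sample's MBR)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOTSTRAP_LEN = 440        # bytes 0..439: bootstrap code, the region a bootkit replaces
DISK_SIG_OFF = 440         # 4-byte disk signature followed by 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511
PART_FMT = "<B3xB3xII"     # status, CHS start(skipped), type, CHS end(skipped), LBA start, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the partition table; empty slots (type 0x00) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def bootstrap_sha256(mbr: bytes) -> str:
    """Hash only the bootstrap area, so a legitimate partition-table change does not raise an alert."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_bootstrap_sha256: str) -> dict:
    """Return findings for one MBR image against a known-good bootstrap hash."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte MBR, got {len(mbr)}")
    digest = bootstrap_sha256(mbr)
    return {
        "valid_signature": mbr[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "bootstrap_sha256": digest,
        "bootstrap_modified": digest != baseline_bootstrap_sha256,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given bootstrap code, one active type-0x07 (NTFS) partition at LBA 2048."""
    mbr = bytearray(MBR_SIZE)
    mbr[: len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)          # constructed disk signature
    struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def simulate_bootkit_write(mbr: bytes, payload: bytes) -> bytes:
    """Model the reported behaviour: overwrite the bootstrap code, keep table and signature intact."""
    patched = bytearray(mbr)
    patched[:BOOTSTRAP_LEN] = payload.ljust(BOOTSTRAP_LEN, b"\x00")
    return bytes(patched)


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of the boot disk on a live Windows host (run elevated). Device name is an assumption."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


# Constructed stub standing in for the host's known-good boot code (not real boot code).
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
BASELINE_SHA256 = bootstrap_sha256(build_sample_mbr(CLEAN_BOOT_CODE))

if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    infected = simulate_bootkit_write(clean, b"\xeb\xfe" + b"BOOTKIT")
    for label, image in (("clean", clean), ("after MBR write", infected)):
        r = check_mbr(image, BASELINE_SHA256)
        print(f"{label}: signature ok={r['valid_signature']} bootstrap modified={r['bootstrap_modified']}")
        for p in r["partitions"]:
            print(f"  part{p.index}: type=0x{p.type_id:02x} active={p.bootable} lba={p.lba_start} sectors={p.sectors}")
```

Take the baseline hash from a golden image or from the same host before the sample ran; on a suspect machine, `read_physical_mbr` feeds the live sector into `check_mbr`. Both images above report a valid boot signature and an identical partition table, which is exactly why the bootstrap hash, not the signature, is the indicator worth alerting on.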
MITRE ATT&CK Enterprise v15

Tasks