Overview

overview

10

Static

static

7

loader.exe

windows7-x64

10

loader.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    21s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    loader.exe

  • Size

    19.9MB

  • MD5

    de056f7f395b63cfc41101107663bcad

  • SHA1

    6e0aab67abf2aa4ccc75aa00b443050b59f207b5

  • SHA256

    e42a2e4a584d4e2206228b4f32c97f97655380d53eb7157df7b9ff53b01ae0db

  • SHA512

    afd6e680b5103ba92ee302b948d16881076e49b5e9f3f2265cb0f2d9510a4c438a386eebca67097019a4dfea0eeb0b62252d49a1d4f005174c7d78e797a3330c

  • SSDEEP

    393216:87uQYxu8HPWE2UDeYBmv6Tk7xsZQLbX8G8gPpbnZ7Z0VVCreXX6iEMAtU3B6E2KX:au9xVvWqmQkagvPVZ7WVVCrSXbp0GB68

Score
10/10
remcosevasionratthemidatrojan

Malware Config

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 12 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\loader.exe
    "C:\Users\Admin\AppData\Local\Temp\loader.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2684-0-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-1-0x0000000076EA0000-0x0000000076EA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2684-3-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-2-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-4-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-6-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-5-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-8-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-7-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-9-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-11-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-10-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download

  • memory/2684-13-0x000000013FE00000-0x0000000142059000-memory.dmp

    Filesize

    34.3MB

    Download