aresloader | c92d1b2c314fb70cc2f150b5bd5501291c4019cfc41c1a6f414401b1530e6be8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-03-29...om.exe

windows7-x64

7

2025-03-29...om.exe

windows10-2004-x64

Sharing

General

Target

2025-03-29_ed792723ba21a8e0d0cc25cb5cf66c46_black-basta_cobalt-strike_satacom
Size

37.3MB
Sample

250329-ghe9tsytfs
MD5

ed792723ba21a8e0d0cc25cb5cf66c46
SHA1

effafd6d4b2ea916a4633c7065d84beb806386e7
SHA256

c92d1b2c314fb70cc2f150b5bd5501291c4019cfc41c1a6f414401b1530e6be8
SHA512

67dd677ec19c8462aa1dd24ed95791c20dcd1fdaf67a3daa673d8ebc353013130f7d77ac428a650303abfd81a20d860d6e53643c198d2450f78b43e71f4bedac
SSDEEP

786432:upuNz0ZyK9DRNFOCWQnTzHTWg9DhGsVDHXMb8ODw05q4WUXE:upSz8yKiuHakDcbqv

Score

10^/10

aresloader defense_evasion discovery loader persistence privilege_escalation pyinstaller upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2025-03-29_ed792723ba21a8e0d0cc25cb5cf66c46_black-basta_cobalt-strike_satacom.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-29_ed792723ba21a8e0d0cc25cb5cf66c46_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250314-en

aresloader defense_evasion discovery loader persistence privilege_escalation upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

aresloader

C2

http://127.0.0.1:8888

http://127.0.0.1:8080

http://192.168.31.111

Targets

- Target
  
  2025-03-29_ed792723ba21a8e0d0cc25cb5cf66c46_black-basta_cobalt-strike_satacom
- Size
  
  37.3MB
- MD5
  
  ed792723ba21a8e0d0cc25cb5cf66c46
- SHA1
  
  effafd6d4b2ea916a4633c7065d84beb806386e7
- SHA256
  
  c92d1b2c314fb70cc2f150b5bd5501291c4019cfc41c1a6f414401b1530e6be8
- SHA512
  
  67dd677ec19c8462aa1dd24ed95791c20dcd1fdaf67a3daa673d8ebc353013130f7d77ac428a650303abfd81a20d860d6e53643c198d2450f78b43e71f4bedac
- SSDEEP
  
  786432:upuNz0ZyK9DRNFOCWQnTzHTWg9DhGsVDHXMb8ODw05q4WUXE:upSz8yKiuHakDcbqv
Score

10^/10

aresloader defense_evasion discovery loader persistence privilege_escalation upx
- AresLoader
  AresLoader is a loader and downloader written in C++.
  loader aresloader
- Aresloader family
  aresloader
- Modifies Windows Firewall
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

aresloaderdefense_evasiondiscoveryloaderpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy