Overview

overview

8

Static

static

7

Windows Loader.exe

windows7-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Windows Loader v2.2.2.zip

  • Size

    1.7MB

  • Sample

    240704-v47svsseqd

  • MD5

    de75560369b89f64881c3386ccc273fc

  • SHA1

    ba189c5080a832b98099e6fceb175c8fc527c1ba

  • SHA256

    e028fb713e6cf2e894d173d2c6b35029be6da38f548ecd3e4515ef27875c7f5a

  • SHA512

    129bd3f015d71b39bdd27a8676f2539614aa01e98c1fda4c7a4f7e554547ec5f1ca7a4451b9c4cd830992675e80f8df5527cb481a770fef1b7f3c12747061bf7

  • SSDEEP

    49152:20AWoHErsa85tku+4xPMkruSzWws+a3n+f8:pAWBrs3/xacW3v

Score
8/10
discoveryexploitupx

Malware Config

Targets

    • Target

      Windows Loader.exe

    • Size

      3.8MB

    • MD5

      323c0fd51071400b51eedb1be90a8188

    • SHA1

      0efc35935957c25193bbe9a83ab6caa25a487ada

    • SHA256

      2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94

    • SHA512

      4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e

    • SSDEEP

      49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt

    Score
    8/10
    discoveryexploitupx

    • Possible privilege escalation attempt

      exploit

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks