privateloader | 2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05 | Triage

Submit
Reports

Overview

overview

Static

static

7

2d29625e81...05.exe

windows10-2004-x64

Resubmissions

02-09-2022 14:42

220902-r27hjahhh9 10

02-09-2022 11:45

220902-nwq2tadcgq 10

Sharing

General

Target

2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05
Size

2.3MB
Sample

220902-r27hjahhh9
MD5

e18b3707ff095f5dd8eac23474e25809
SHA1

996770ce74c9f7a0f6f1223bd37447bdea794372
SHA256

2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05
SHA512

59db45c751fdb8df979afe6ce803fcb6b511b3c7965c639801eae68d5a51b4b02319102d6ca8c504ae76c68aa6ba6f2d595007a3b73af07e029c0ebbe07fdc58
SSDEEP

49152:nhTsBclN14DVR/dRZV++apFIecXZM7tQB6/M8sbgsq7D:nk8NWVvRron0cQ6/SkH

Score

10^/10

privateloader evasion loader spyware stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05.exe

Resource

win10v2004-20220812-en

privateloader evasion loader spyware stealer themida trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05
- Size
  
  2.3MB
- MD5
  
  e18b3707ff095f5dd8eac23474e25809
- SHA1
  
  996770ce74c9f7a0f6f1223bd37447bdea794372
- SHA256
  
  2d29625e81eed2aaafbcedffe4e177ca78189c71be60c6526daf35b3dcb8fa05
- SHA512
  
  59db45c751fdb8df979afe6ce803fcb6b511b3c7965c639801eae68d5a51b4b02319102d6ca8c504ae76c68aa6ba6f2d595007a3b73af07e029c0ebbe07fdc58
- SSDEEP
  
  49152:nhTsBclN14DVR/dRZV++apFIecXZM7tQB6/M8sbgsq7D:nk8NWVvRron0cQ6/SkH
Score

10^/10

privateloader evasion loader spyware stealer themida trojan
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderevasionloaderspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy