General
-
Target
Setup.zip
-
Size
5.3MB
-
Sample
221006-a2xjwsgad2
-
MD5
c15c482fb026bb2688de1934ce42db51
-
SHA1
b4be048439d2b420e84c04f7331dab42de47b386
-
SHA256
64c222f6d28384447460cb925c4c3c578112fefad78fad1bf10db352b0b4c3be
-
SHA512
937344157fba8eb99b8d8abb2b014116dcaf392a5ffa07f141ba8a5a45e47cd5b6e1d0da895930f05c5700809d07137f0df0dce027ac22fc5ba537740c9f29dd
-
SSDEEP
98304:aNXHEAfmZotP0RBl7sblNDJZfj8zjTTQqyDWMqRLhA4CL/ZU:aNHLfmZ+PQBl7sbjvfIDEqyDrqRLheG
Malware Config
Targets
-
-
Target
Install.exe
-
Size
686.6MB
-
MD5
436c4290282bda086d3a38ae2ea5c2f5
-
SHA1
c69e9b7ba4967be00330053ba6b152f8393da612
-
SHA256
0fd1f535929f90d75a59c57a8b33e4fb40381bb7ee31b3c18c10cb7c8d6599a3
-
SHA512
ca1efea143c0e73b9c50afeaf0826da24373990c93b176f84e2576596b5296a38765db6710becab1c1829a5a1dba84eb34504f79ae0d55964a845e66a0aab15b
-
SSDEEP
98304:ULX0zHX9KZlxm8pNeRNO+eL1nZ779wnqRJh3kMDpzzY8:qXsHX9KmDJeLj9i4nda8
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-