General
-
Target
SecuriteInfo.com.Trojan.GenericKD.64834682.13016.3433.exe
-
Size
6.7MB
-
Sample
230109-nlj6hshe31
-
MD5
4b9e8b2f3ea2608442a84b93c3b04545
-
SHA1
8b4d08b15fc86adf6c7783b8e88cd313f012674e
-
SHA256
f96864b6f9c6af50b4f71073ea5396e96c5b80bc3024a1531064f43b34497d12
-
SHA512
0248bee7ba26dcbd086a9c719b8463e013e0121ebcfe3b70f04fb7cd99f2e3da54b243aed3c1e59f7df9fd54717d153999f72a58f53dddcfc757a9ccbb85d811
-
SSDEEP
196608:7ZH239wkNJymM3IhIKrO1lrG6uFuCkSZnb7d:NH239zTywng8J1Zb7d
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKD.64834682.13016.3433.exe
-
Size
6.7MB
-
MD5
4b9e8b2f3ea2608442a84b93c3b04545
-
SHA1
8b4d08b15fc86adf6c7783b8e88cd313f012674e
-
SHA256
f96864b6f9c6af50b4f71073ea5396e96c5b80bc3024a1531064f43b34497d12
-
SHA512
0248bee7ba26dcbd086a9c719b8463e013e0121ebcfe3b70f04fb7cd99f2e3da54b243aed3c1e59f7df9fd54717d153999f72a58f53dddcfc757a9ccbb85d811
-
SSDEEP
196608:7ZH239wkNJymM3IhIKrO1lrG6uFuCkSZnb7d:NH239zTywng8J1Zb7d
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-