General
Target: Install.exe
Size: 9.3MB
Sample: 230111-phhzqafh5v
MD5: 386e8cf7fc763c4c2700c5bbf8a5a84a
SHA1: b6faa85d2aa6453a79b7abea5be783d81bab0004
SHA256: 6fb6b5bea4ea218e0959f6449fed09dbded30b6e3ee320d51b49d74c9a0bf44d
SHA512: ca79f9a92ad865e67d24c46dcb6653d385e514dcc5834f5ee592d803b2e32454f63ec01ce9d9f824f7e12a8f348629ec477e577d9abb8c6fed784c39a6e74d7c
SSDEEP: 196608:wQcLGiPD8BoXHfg3+RuQxn5FGvnSmOj7f3iRAoTnpl:hcJwBo3okuQx5Fkn7Ov3i/pl
Static task: static1
Behavioral task: behavioral1
Sample: Install.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: Install.exe
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger