General
Target: Install.exe
Size: 684.7MB
Sample: 230112-rlxy6agc32
MD5: 7b1891c680f6ed2164ba0e1111685e59
SHA1: 6edc16a653d8386503c85b8d6808fe23cff4b8d4
SHA256: 80b627c3ba8a4f128f7b2e9a06988a95e6db084f29c66fb43ca3491d4d847fb8
SHA512: 3e3496a6cd4990ba69613cb33d889513f3a08cde6af6b3946070f58f6e2bb01c4014236200dfdd9c943065beb2d4d8d42c5b3e902af80187c460bd6ffe80cc6f
SSDEEP: 196608:ZKXGveJUwY3JEnr0AZF5OMdyBLMmkKJDACfjttklWe:ZKXPEanYAZqMoAYMCfjj/
Behavioral task: behavioral1
Sample: Install.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: Install.exe
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger