General
-
Target
file.exe
-
Size
4.0MB
-
Sample
230119-nyfc4acg6s
-
MD5
b1b74e8866c7a221a6b658d95c383dc8
-
SHA1
c5b9db5706be26b3064b6f69dacfdf37f2e62568
-
SHA256
831c6cc29413ef037220c63a9bf30e2ad094c0a9ca343f71258502944869a9a2
-
SHA512
20f77f7fc3040f45d72eb475577f974928f389d29c3feb07171d51ce493e3a5a7f869400b4c86c58e0cefd1a9dc5faa47bc10d23455a0c60719be8faaebff9c0
-
SSDEEP
98304:XpfXL4dK7P7CbM5zD6sILTjblMS0uc25rTNp5SnluY2968:Zzpi4osI3jhMSNc2jSn8j968
Malware Config
Targets
-
-
Target
file.exe
-
Size
4.0MB
-
MD5
b1b74e8866c7a221a6b658d95c383dc8
-
SHA1
c5b9db5706be26b3064b6f69dacfdf37f2e62568
-
SHA256
831c6cc29413ef037220c63a9bf30e2ad094c0a9ca343f71258502944869a9a2
-
SHA512
20f77f7fc3040f45d72eb475577f974928f389d29c3feb07171d51ce493e3a5a7f869400b4c86c58e0cefd1a9dc5faa47bc10d23455a0c60719be8faaebff9c0
-
SSDEEP
98304:XpfXL4dK7P7CbM5zD6sILTjblMS0uc25rTNp5SnluY2968:Zzpi4osI3jhMSNc2jSn8j968
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-