General

  • Target

    HEUR-Trojan.Win32.Chapak.gen-e6ea98b046b11a35.exe

  • Size

    1.5MB

  • Sample

    230122-sngwdsab7t

  • MD5

    269d7e74e4b21a2fc0e66907c77fc0bc

  • SHA1

    fc09525a2f93bf089d0b02c5220e7ee452e64747

  • SHA256

    e6ea98b046b11a35efa0ac1243f6190ff4d4247a35784e65a9feaaf4918ae779

  • SHA512

    e0a257ed553383a06267c124b8d72215d6f155ae02ab6d327258c621835957c39e5567c012777fa80f087e578b9a2e1519ead076948b79b1145103826db4bdd0

  • SSDEEP

    24576:Eg5ks+W8y6AFZexyuCkfHGFV01gUSvriQMbOyK2jYR2J11RaLNBDj:EgrHa0ZAhIVQFSv2LtwRG11R+F

Malware Config

Extracted

Family

nullmixer

C2

http://wxkeww.xyz/

Targets

    • Target

      HEUR-Trojan.Win32.Chapak.gen-e6ea98b046b11a35.exe

    • Detects Smokeloader packer

    • Modifies Windows Defender Real-time Protection settings

    • NullMixer

      NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks