General
-
Target
file.exe
-
Size
4.8MB
-
Sample
230127-nvkhmsac96
-
MD5
ba8169b60bd162597bc91a492acbe9f0
-
SHA1
fe39cd7badbc1740c686648f57083eb666ad8df8
-
SHA256
1290f9754a269d7cf6c4be336b347e0012aede4df4fee545eed7426efddc1c4d
-
SHA512
3939b924cdc72f77555d5f71c5767b10b0dbf52d6f4bdcab5b2e6d87402a89a3899c4d85e537a86ad1346dbfb0c47e05e5d3a96a1d6dc7be01c644627cdc1258
-
SSDEEP
98304:ohbbxS7P7CbM5zD6sILTjblMS0uQvEgKNDDHoY3gnN9lMRmtbK3cNA:ohoi4osI3jhMSNQsgkDLoYwnFymRfNA
Malware Config
Targets
-
-
Target
file.exe
-
Size
4.8MB
-
MD5
ba8169b60bd162597bc91a492acbe9f0
-
SHA1
fe39cd7badbc1740c686648f57083eb666ad8df8
-
SHA256
1290f9754a269d7cf6c4be336b347e0012aede4df4fee545eed7426efddc1c4d
-
SHA512
3939b924cdc72f77555d5f71c5767b10b0dbf52d6f4bdcab5b2e6d87402a89a3899c4d85e537a86ad1346dbfb0c47e05e5d3a96a1d6dc7be01c644627cdc1258
-
SSDEEP
98304:ohbbxS7P7CbM5zD6sILTjblMS0uQvEgKNDDHoY3gnN9lMRmtbK3cNA:ohoi4osI3jhMSNQsgkDLoYwnFymRfNA
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-