General
- Target: file.exe
- Size: 3MB
- Sample: 230129-s4rqjace97
- MD5: bccdbd62c82c4f579a3ed21ccca15aa5
- SHA1: 71f6d3066d0eeea781f86ed82b4e929767608a05
- SHA256: 69bcd5e9f5f59d96f667e987fc84b2246a56a3fbfc837673566a1dbe76cd1da9
- SHA512: ae9cf1aed53a4161651ba19c452719cc9f9a2f547bcfaa32ed52f0882a060f1f864a4c4e678e08271103bf2560fece8aac430b27251252088b12587a49e59051
- SSDEEP: 98304:+wM8hvx7Vf7o5P5WYTdxFHKOla4D9Zuml9KRK3:wc7R7eYYTdjraFmuK3
Behavioral task
- behavioral1: Sample file.exe, Resource win7-20221111-en
Malware Config
Targets
- Target: file.exe (Size 3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix
- Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation