General
Target: Install.zip
Size: 7.0MB
Sample: 230202-py4alagc82
MD5: f1026d264acd9f45899e516cb79898c6
SHA1: 99c6cf73ad52d372a9830f1f9a0c658c41c8b2e3
SHA256: e7fcce1e5f3d665159c7db8f26d0d801e6c06e61fe9fb56a02c1d511c27ada9d
SHA512: 32b327e8a35933bf9f206c7ca4ef96b22ec3752cb47aea88559e460bb74f27a056e79272deb2a0ab628242ab44f2e7d5e0470c0312add277f05523a511abffcb
SSDEEP: 98304:WYLBYs7pNyvuVUO1GUpNQNDbRJrtn3NFu4rQC0gANti2qJtFFSQtD6WZchgYejq:ZZ5CO1ToN37t3N50/kvF5yg2
Behavioral task
behavioral1
Sample: Install.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: Install.exe
Size: 684.7MB
MD5: 7b1891c680f6ed2164ba0e1111685e59
SHA1: 6edc16a653d8386503c85b8d6808fe23cff4b8d4
SHA256: 80b627c3ba8a4f128f7b2e9a06988a95e6db084f29c66fb43ca3491d4d847fb8
SHA512: 3e3496a6cd4990ba69613cb33d889513f3a08cde6af6b3946070f58f6e2bb01c4014236200dfdd9c943065beb2d4d8d42c5b3e902af80187c460bd6ffe80cc6f
SSDEEP: 196608:ZKXGveJUwY3JEnr0AZF5OMdyBLMmkKJDACfjttklWe:ZKXPEanYAZqMoAYMCfjj/

Signatures
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger