privateloader | f898864731b75798f805346f21c714c66464b061055e4cf60443e54a9a475fb8 | Triage

Submit
Reports

Overview

overview

Static

static

7

setup.exe

windows10-2004-x64

Resubmissions

05-02-2023 06:38

230205-heepkage23 10

17-07-2022 05:59

220717-gpte2ahcbp 10

12-07-2022 03:45

220712-ea8kascbf9 10

Sharing

General

Target

setup.exe
Size

2.9MB
Sample

230205-heepkage23
MD5

4334df4cb39ca4e7e34fac3c1c1e63a0
SHA1

3f2138e5cdf121fa5fe8a1f327869e59da794880
SHA256

f898864731b75798f805346f21c714c66464b061055e4cf60443e54a9a475fb8
SHA512

7255a3dba8f5c261ce9ed3da95c52fc673d78f0288801cb2053997898df197e0bba682d94980a08b328ca55cb37de433990eeac9c53f47e41debc0e10ab5584e
SSDEEP

49152:EsyAC7nysdD4Ah5Lb1mInrSy+rpTmVxBSbUj47hti6VNkCAff2N9AhBPiPrYt:u7yoVbHnbkCxBFetiIKhfUiBKPrYt

Score

10^/10

privateloader evasion loader themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win10v2004-20220812-es

privateloader evasion loader themida trojan

windows10-2004-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://193.233.185.125/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

85.202.169.116

Targets

- Target
  
  setup.exe
- Size
  
  2.9MB
- MD5
  
  4334df4cb39ca4e7e34fac3c1c1e63a0
- SHA1
  
  3f2138e5cdf121fa5fe8a1f327869e59da794880
- SHA256
  
  f898864731b75798f805346f21c714c66464b061055e4cf60443e54a9a475fb8
- SHA512
  
  7255a3dba8f5c261ce9ed3da95c52fc673d78f0288801cb2053997898df197e0bba682d94980a08b328ca55cb37de433990eeac9c53f47e41debc0e10ab5584e
- SSDEEP
  
  49152:EsyAC7nysdD4Ah5Lb1mInrSy+rpTmVxBSbUj47hti6VNkCAff2N9AhBPiPrYt:u7yoVbHnbkCxBFetiIKhfUiBKPrYt
Score

10^/10

privateloader evasion loader themida trojan
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

privateloaderevasionloaderthemidatrojan

© 2018-2024

Terms | Privacy