General
Target: setup.exe
Size: 2.9MB
Sample: 230205-heepkage23
MD5: 4334df4cb39ca4e7e34fac3c1c1e63a0
SHA1: 3f2138e5cdf121fa5fe8a1f327869e59da794880
SHA256: f898864731b75798f805346f21c714c66464b061055e4cf60443e54a9a475fb8
SHA512: 7255a3dba8f5c261ce9ed3da95c52fc673d78f0288801cb2053997898df197e0bba682d94980a08b328ca55cb37de433990eeac9c53f47e41debc0e10ab5584e
SSDEEP: 49152:EsyAC7nysdD4Ah5Lb1mInrSy+rpTmVxBSbUj47hti6VNkCAff2N9AhBPiPrYt:u7yoVbHnbkCxBFetiIKhfUiBKPrYt
Behavioral task: behavioral1
Sample: setup.exe
Resource: win10v2004-20220812-es

Malware Config
Extracted family: privateloader
C2 / download URLs:
- http://212.193.30.45/proxies.txt
- http://193.233.185.125/server.txt
- pastebin.com/raw/A7dSG1te
- http://wfsdragon.ru/api/setStats.php
- 85.202.169.116
Targets
Target: setup.exe
Size: 2.9MB
MD5: 4334df4cb39ca4e7e34fac3c1c1e63a0
SHA1: 3f2138e5cdf121fa5fe8a1f327869e59da794880
SHA256: f898864731b75798f805346f21c714c66464b061055e4cf60443e54a9a475fb8
SHA512: 7255a3dba8f5c261ce9ed3da95c52fc673d78f0288801cb2053997898df197e0bba682d94980a08b328ca55cb37de433990eeac9c53f47e41debc0e10ab5584e
SSDEEP: 49152:EsyAC7nysdD4Ah5Lb1mInrSy+rpTmVxBSbUj47hti6VNkCAff2N9AhBPiPrYt:u7yoVbHnbkCxBFetiIKhfUiBKPrYt
Score: 10/10

Signatures
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger