General
-
Target
file.exe
-
Size
6.3MB
-
Sample
230207-yj9cqsef9t
-
MD5
9c09eeffe2f425af3658e7596efa753e
-
SHA1
bfd360c1be479ec1495bfb3b9fee0a5de2577d55
-
SHA256
827c4997002fad614d23a5c16f9547005862ce2a8d5758e986f7a9ad67266184
-
SHA512
0ab73e8c6256d10b9d17104152f9d93ccf67ee17db14be7f220fb24c87ae30282179a55543c96c1060ac098dabf36462e0ab931d5a238ff1fab1b979dc04f3f6
-
SSDEEP
196608:g++s55CXIftXiqzb2oRBIKM2cZlZAAsU5H6qMENA2:lHJz6aIycKRCHecZ
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
6.3MB
-
MD5
9c09eeffe2f425af3658e7596efa753e
-
SHA1
bfd360c1be479ec1495bfb3b9fee0a5de2577d55
-
SHA256
827c4997002fad614d23a5c16f9547005862ce2a8d5758e986f7a9ad67266184
-
SHA512
0ab73e8c6256d10b9d17104152f9d93ccf67ee17db14be7f220fb24c87ae30282179a55543c96c1060ac098dabf36462e0ab931d5a238ff1fab1b979dc04f3f6
-
SSDEEP
196608:g++s55CXIftXiqzb2oRBIKM2cZlZAAsU5H6qMENA2:lHJz6aIycKRCHecZ
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-