Extracted

• • Target

    HEUR-Trojan.Win32.Chapak.gen-c82a55fdd3caeb95.exe

  • Size

    1.5MB

  • MD5

    78cc2004a61a5f5bd968bc7449a6e41d

  • SHA1

    5d68410afdd470c5d076b6de46c3b2eeee953be1

  • SHA256

    c82a55fdd3caeb95db17754e3ba270ec93a7eb3c9997f9f9c6f02de0e17bacec

  • SHA512

    c7cb55dcc7344b3f00f93e49eb49712bb85cb7bc4d1bc85f81b3cf1358cec9375e427fc7403c9eeb0eb715a7c4b0a08b423759d76dd12f14ab6f38c96fdf5bad

  • SSDEEP

    49152:EgSqM6bpcBJT+tFgYlGiFKtFHbo1kEJwQ/oW1vAaK:Jq7v7FdEJw8oaoJ

  Score

  10^/10

  nullmixerprivateloadersmokeloaderaspackv2backdoordropperevasionloaderspywarestealertrojan

  • Detects Smokeloader packer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2