General
- Target: e3ecfadcc199765a2ad369615ec17b5b95cb0f5a29cc45eb2e8d2e9d575807d1.zip
- Size: 4.0MB
- Sample: 230321-r3g92abd44
- MD5: 73a3098f8d9647588f587c89f5d4a703
- SHA1: 152900828f8ecd321810627b17fff27d7b9f6a7f
- SHA256: 66aeb66b7ab30273157a2e62a66e346d39ba2589ba13db435875cd10fd94da0b
- SHA512: fb720eb96b004ce54207dcd860c3df114913a206fc249ceccc57452945fb5250ed5683851bb0281e66492c1289376534a1619f5dd464f0115120fd6cef614fae
- SSDEEP: 98304:Jts6Xs31dJ9+Wk4LyDLzTFF8eIcUngqX3cg5g:jjsb2ULKFavfgqXR5g
Behavioral task behavioral1
- Sample: e3ecfadcc199765a2ad369615ec17b5b95cb0f5a29cc45eb2e8d2e9d575807d1.exe
- Resource: win7-20230220-en
Behavioral task behavioral2
- Sample: e3ecfadcc199765a2ad369615ec17b5b95cb0f5a29cc45eb2e8d2e9d575807d1.exe
- Resource: win10v2004-20230221-en
Malware Config
Targets
- Target: e3ecfadcc199765a2ad369615ec17b5b95cb0f5a29cc45eb2e8d2e9d575807d1.exe
- Size: 6.0MB
- MD5: 434e131214711a082fb458ddf1d18c2a
- SHA1: cdc9c56159c24492c4f5f8f968e9b5ab16171bda
- SHA256: e3ecfadcc199765a2ad369615ec17b5b95cb0f5a29cc45eb2e8d2e9d575807d1
- SHA512: 60379db97207327e268a0417c1c9bf33f2e23ea946cb92b9bf5d96c119e9fd80ef19afcda2a571b1c0a3bb2b949e8eb2b7c3e9af0d8dddac8aded505745a60ee
- SSDEEP: 98304:2wb0bWHT4Ld9bHpNSFwjfEgNCdkkBQEiCgXyh6246:Lo8q5vsw1N0BTjj
Signatures
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install (PPI) malware distribution service; its job is to fetch and run whatever payloads its customers have paid to have installed.
- Identifies VirtualBox via ACPI registry values (likely anti-VM): a VirtualBox guest exposes ACPI tables whose OEM ID is VBOX__, visible under HKLM\HARDWARE\ACPI\ (DSDT, FADT, RSDT), so reading those keys is a common check for running inside a VM.
- Downloads MZ/PE file: an HTTP response whose body starts with the MZ magic was observed, i.e. the loader fetched a further executable.
- Checks BIOS information in registry: BIOS information (for example HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and VideoBiosVersion) is often read in order to detect sandboxing environments, because hypervisor BIOS strings name the vendor. Legitimate installers read these keys too, so this is a weak indicator on its own.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. This both geolocates the victim for the PPI operator and gives defenders an outbound request to alert on.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, so breakpoint and single-step exceptions in that thread are no longer delivered to the debugger. It has few legitimate uses and is a standard anti-debugging trick.
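To make the signature list above concrete, here is an added example (not Hatching Triage's rule engine and not PrivateLoader's code) that re-implements each listed behaviour as a predicate over a sandbox event log and runs them on a constructed log. The event schema, the registry paths, the file paths and the IP-lookup hostnames are assumptions for the demo; the "dropped" checks go slightly beyond the page by enforcing ordering, so a file only counts as dropped if the sample wrote it before executing or loading it.

```python
"""Added example: a toy signature engine that re-implements the behavioural
signatures listed in this report and runs them over a constructed sandbox
event log. It is not Hatching Triage's rule engine or PrivateLoader code;
event field names, registry paths and hostnames below are assumptions."""
import re

# NtSetInformationThread information class that detaches a thread from an
# attached debugger (ThreadHideFromDebugger).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Public IP-echo services a loader may query; illustrative, not exhaustive.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}

# Constructed event log (assumed schema), ordered as a sandbox would record it.
SAMPLE_EVENTS = [
    {"type": "regread",   "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "regread",   "key": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "regenum",   "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "http",      "host": "api.ipify.org", "resp_magic": b""},
    {"type": "http",      "host": "cdn.example.invalid", "resp_magic": b"MZ\x90\x00"},
    {"type": "filewrite", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"type": "filewrite", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process",   "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"type": "loadlib",   "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "api",       "name": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
]


def _any_key(events, kind, pattern):
    """True if any event of the given kind has a registry key matching pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return any(e["type"] == kind and rx.search(e["key"]) for e in events)


def _dropped_then_used(events, use_kind, use_field):
    """True if an event of use_kind references a path the sample wrote earlier."""
    written = set()
    for e in events:
        if e["type"] == "filewrite":
            written.add(e["path"].lower())
        elif e["type"] == use_kind and e[use_field].lower() in written:
            return True
    return False


# Signature name -> predicate over the event list. Names mirror the report.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values":
        lambda ev: _any_key(ev, "regread", r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    "Checks BIOS information in registry":
        lambda ev: _any_key(ev, "regread", r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion"),
    "Checks installed software on the system":
        lambda ev: _any_key(ev, "regenum", r"\\CurrentVersion\\Uninstall$"),
    "Looks up external IP address via web service":
        lambda ev: any(e["type"] == "http" and e["host"] in IP_LOOKUP_HOSTS for e in ev),
    "Downloads MZ/PE file":
        lambda ev: any(e["type"] == "http" and e["resp_magic"].startswith(b"MZ") for e in ev),
    "Executes dropped EXE":
        lambda ev: _dropped_then_used(ev, "process", "image"),
    "Loads dropped DLL":
        lambda ev: _dropped_then_used(ev, "loadlib", "path"),
    "Suspicious use of NtSetInformationThreadHideFromDebugger":
        lambda ev: any(e["type"] == "api" and e["name"] == "NtSetInformationThread"
                       and e.get("info_class") == THREAD_HIDE_FROM_DEBUGGER for e in ev),
}


def match_signatures(events):
    """Return the names of the signatures that fire, in table order."""
    return [name for name, pred in SIGNATURES.items() if pred(events)]


def sandbox_verdict(events, min_hits=3):
    """Coarse triage: a single environment check (BIOS keys, Uninstall enumeration)
    is common in benign installers, so require several behaviours before
    calling the sample a loader."""
    hits = match_signatures(events)
    return ("likely loader" if len(hits) >= min_hits else "inconclusive"), hits


if __name__ == "__main__":
    verdict, hits = sandbox_verdict(SAMPLE_EVENTS)
    print(verdict)
    for h in hits:
        print(" -", h)
```

The threshold in sandbox_verdict is deliberately crude; in practice you would weight the signatures (HideFromDebugger and "downloads then executes a PE" carry far more signal than a BIOS read) rather than count them.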