General
- Target: c0eed8d7cff4a9b56b014b87ef779937.bin
- Size: 4.8MB
- Sample: 230505-x4py6aha84
- MD5: 1b7f23e880ad9a206c6c16b01877026b
- SHA1: 5535240d03cda839e527e06a7e2589f2d884ef2c
- SHA256: 8472782c0b68863c2da132eead42f432da578650d6010ea574c632f08c9cf0bc
- SHA512: 3c05fe95ee19bf978f901d9f42d6bc9c5875098855d703e49f63705a820744f3a52361b4953627e3238bb2e4378fa65c6074c4eaa7edf2073f45525ba157daea
- SSDEEP: 98304:kfQgHKBca/+JQDlTgeRot3V2ULqU1n74lYtuc1j9zVOP/KnA2X5s:kfQgHEDl0eRDULZEZqjYoRs
Behavioral task: behavioral1
- Sample: d2046e7907d430c57564fd882814a9786efe8b6fba8d5c0b5090068c3b66c7ff.exe
- Resource: win7-20230220-en
Malware Config

Targets
- Target: d2046e7907d430c57564fd882814a9786efe8b6fba8d5c0b5090068c3b66c7ff.exe
- Size: 5.0MB
- MD5: c0eed8d7cff4a9b56b014b87ef779937
- SHA1: 3e3e2c02bedaa92bac010de4e0358e01d6a38438
- SHA256: d2046e7907d430c57564fd882814a9786efe8b6fba8d5c0b5090068c3b66c7ff
- SHA512: 56b0a94bb6ee0eea0ddf81e65449943fb120a531ebd922d9922d6f7fb3d1f1158f0961a586059e1d8c493d21eb8c54bd6bbdf71046946cd89ba9399aac56dfd0
- SSDEEP: 98304:kUpUQp1iu+I3+gu/aUCl2zjii+CDOpzRVddpyeQENSsLJdNlJPBl/U:Zguh3XKe+iiCVtR5NS0jL/U
Signatures
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger