General
Target: install.exe.bin
Size: 67.0MB
Sample: 230507-k2nl4afa51
MD5: c2047a3bacbbf43f714a41298eb5611c
SHA1: f359a81c49624065e7e9b7b1896b82efec243808
SHA256: 620f06a35ad00ad76da495f7fe674a2cfbdf002a26cf906463dc5c193faa1db5
SHA512: 8b2bb6862a2cd46d1affbc1434c800a812d3928703be57af99c909b1a36fb976d3203cba635b43fe4d9e3e5ab855cbefdfc436a4f93245f8abba708d9c8924d5
SSDEEP: 98304:sUOZO4ffXp2w8Xj0btxlugie9ADfVKd2DITIo5QUt6gsoV3TAn0wupSE3+eL:ss4Ef0btxkU2UcoagBlsE3+e

Behavioral task
Task: behavioral1
Sample: install.exe
Resource: win7-20230220-en

Malware Config
Targets
Target: install.exe.bin (67.0MB; hashes as listed under General)

Signatures

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI; reading those keys is a common virtual-machine check.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread reaching an attached debugger, a common anti-debugging technique.
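The signatures above are behavioural matches over the sandbox's event trace. The following is an added example of how such a matcher can be written, not Hatching Triage's own signature engine and not PrivateLoader code. The registry paths, the ThreadInformationClass value 0x11, the IP-echo host list and the System32 path pattern are this example's assumptions about what each signature keys on, and the event trace it runs over is constructed so the script works offline.

```python
"""Toy behavioural-signature matcher run over a constructed sandbox event trace.

Added example, not Triage's engine and not PrivateLoader code. The registry
paths, API argument value and host list are assumptions about what the
report's signatures key on; the event trace below is constructed.
"""
import re
from dataclasses import dataclass, field

# Registry paths, relative to their hive, that each signature watches for.
# All of these lists are assumptions, not copied from the report.
VBOX_ACPI_PREFIXES = (            # ACPI table names exposed by VirtualBox guests
    r"hardware\acpi\dsdt\vbox__",
    r"hardware\acpi\fadt\vbox__",
    r"hardware\acpi\rsdt\vbox__",
)
BIOS_VALUES = (                   # key\value pairs read to fingerprint the BIOS
    r"hardware\description\system\systembiosversion",
    r"hardware\description\system\videobiosversion",
    r"hardware\description\system\systembiosdate",
)
GEO_NATION_VALUE = r"control panel\international\geo\nation"  # configured country code
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}  # assumed list
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS passed to NtSetInformationThread

_HIVE = re.compile(r"^(hkey_local_machine|hkey_current_user|hkey_classes_root|hkey_users|hklm|hkcu|hkcr|hku)\\")
_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\")


@dataclass
class Event:
    """One sandbox event; kind is regread, apicall, dns or filewrite."""
    kind: str
    data: dict = field(default_factory=dict)


def reg_path(ev):
    """Hive-stripped, lower-cased key\\value path so HKLM\\ and HKEY_LOCAL_MACHINE\\ compare equal."""
    path = _HIVE.sub("", ev.data["key"].lower())
    value = ev.data.get("value", "")
    return path + ("\\" + value.lower() if value else "")


def sig_vbox_acpi(ev):
    return ev.kind == "regread" and reg_path(ev).startswith(VBOX_ACPI_PREFIXES)

def sig_bios_info(ev):
    return ev.kind == "regread" and reg_path(ev) in BIOS_VALUES

def sig_location(ev):
    return ev.kind == "regread" and reg_path(ev) == GEO_NATION_VALUE

def sig_external_ip(ev):
    return ev.kind == "dns" and ev.data["host"].lower() in IP_LOOKUP_HOSTS

def sig_drop_system32(ev):
    return ev.kind == "filewrite" and bool(_SYSTEM32.match(ev.data["path"].lower()))

def sig_hide_from_debugger(ev):
    return (ev.kind == "apicall"
            and ev.data["name"] == "NtSetInformationThread"
            and ev.data.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER)

# Names are the report's; the predicates are this example's.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", sig_vbox_acpi),
    ("Checks BIOS information in registry", sig_bios_info),
    ("Checks computer location settings", sig_location),
    ("Looks up external IP address via web service", sig_external_ip),
    ("Drops file in System32 directory", sig_drop_system32),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", sig_hide_from_debugger),
]


def match_signatures(events):
    """Return the name of every signature that at least one event satisfies, in report order."""
    return [name for name, pred in SIGNATURES if any(pred(ev) for ev in events)]


# Constructed trace standing in for the sandbox's behavioural log.
SAMPLE_TRACE = [
    Event("regread", {"key": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event("regread", {"key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"}),
    Event("regread", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event("regread", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),  # must not fire
    Event("dns", {"host": "api.ipify.org"}),
    Event("filewrite", {"path": r"C:\Windows\System32\example.tmp"}),  # constructed path
    Event("apicall", {"name": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}}),
]

if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print("[+]", name)
```

Each predicate is deliberately narrow (exact value names, an exact information class) so that ordinary registry reads such as the Run key in the trace do not trigger it; a real engine would add process context and counts, which the report does not show.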