Overview

overview

10

Static

static

1

7afa02cbe1...a6.exe

windows7-x64

10

7afa02cbe1...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f0dc1c309bb1ca513d363aa09157f378.bin

  • Size

    5.9MB

  • Sample

    230507-kbcf5sad36

  • MD5

    86ac0fb3d00a8eb65b70aff2c6533161

  • SHA1

    063cf5d6e576eebba14c1f147c8457971a75d90a

  • SHA256

    325c5fbdb9f772839aa2187b2e93fc32660bef5781edddac13ab40b5c4212422

  • SHA512

    0bd0286b38bb89463856a0c08309f2a8d660cc8f04a79f77ba43d0649e75c2b6736512047847876a4fa35a8f55c6a641568bf3b985999df5c88ee0e5ad1976a4

  • SSDEEP

    98304:Uvc5KzJ3hUPcw97dRmmEmEqAAOPdI2y/Rqp8XTFVg5LhLXFVlQ2bYp1b0vWj15fd:UFdGPc0BRmmEmVA5PdpYRzqLtPlQGYpB

Score
10/10
privateloaderdiscoveryevasionloaderspywarestealertrojan

Malware Config

Targets

    • Target

      7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6.exe

    • Size

      6.4MB

    • MD5

      f0dc1c309bb1ca513d363aa09157f378

    • SHA1

      f4bb1261b188d305c5ddc49e36821208a426dc60

    • SHA256

      7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6

    • SHA512

      b91e3ecbf68b7e96e9e5a8d329d96527341ddc01d0fb1eacc329f6e90a4b7f1d5096d6d2cf7882bfc4b5667430b99b54ab0b7ee62ef75dfdff9476cdafd4fb26

    • SSDEEP

      196608:ipZA/Zbs4LC3nKtwQcZFQMxMzGZTZoM2BLzonNSPyJc:ipy/ZbC3Qcnp29aJ

    Score
    10/10
    privateloaderevasionloadertrojandiscoveryspywarestealer

    • Detects any file with a triage score of 10

      This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

5
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

5
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks