General
Target: f0dc1c309bb1ca513d363aa09157f378.bin
Size: 5.9MB
Sample: 230507-kbcf5sad36
MD5: 86ac0fb3d00a8eb65b70aff2c6533161
SHA1: 063cf5d6e576eebba14c1f147c8457971a75d90a
SHA256: 325c5fbdb9f772839aa2187b2e93fc32660bef5781edddac13ab40b5c4212422
SHA512: 0bd0286b38bb89463856a0c08309f2a8d660cc8f04a79f77ba43d0649e75c2b6736512047847876a4fa35a8f55c6a641568bf3b985999df5c88ee0e5ad1976a4
SSDEEP: 98304:Uvc5KzJ3hUPcw97dRmmEmEqAAOPdI2y/Rqp8XTFVg5LhLXFVlQ2bYp1b0vWj15fd:UFdGPc0BRmmEmVA5PdpYRzqLtPlQGYpB
Static task: static1
Behavioral task: behavioral1
Sample: 7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6.exe
Resource: win7-20230220-en
Malware Config

Targets
Target: 7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6.exe
Size: 6.4MB
MD5: f0dc1c309bb1ca513d363aa09157f378
SHA1: f4bb1261b188d305c5ddc49e36821208a426dc60
SHA256: 7afa02cbe1abf639ae0913e5175e8a47d0428e63020dee38305344d88e7d09a6
SHA512: b91e3ecbf68b7e96e9e5a8d329d96527341ddc01d0fb1eacc329f6e90a4b7f1d5096d6d2cf7882bfc4b5667430b99b54ab0b7ee62ef75dfdff9476cdafd4fb26
SSDEEP: 196608:ipZA/Zbs4LC3nKtwQcZFQMxMzGZTZoM2BLzonNSPyJc:ipy/ZbC3Qcnp29aJ
- Detects any file with a triage score of 10
  This file has been assigned a triage score of 10, indicating a high likelihood of malicious behavior.
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger