General
- Target: file.exe
- Size: 5.2MB
- Sample: 230509-ktwbzafa56
- MD5: 83ab8e3480d7543a80acf065eedba3c8
- SHA1: b0d24bb33730abdbe67e137a0cddbc01380aa808
- SHA256: 80ee2b0cbfb7ecf1571669ba411b2a9bf0fc0293662a061055a17d7bdb30ead8
- SHA512: 7cf4e5addb32e079ccbd2b185bd9b73a8667ccca2572f55fc6f02105741dd018c31452a4e3eb8ab8930ccd3ab16caec3e5e445906c104d7008f958ba2c6c15e3
- SSDEEP: 98304:5lUfVD9zVKzdR5+SsLJdNlJPq1SoJXvaPIYh4Xbs37N3k:r6zVaj+S0jq1Soc1hyItk
Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Malware Config
Targets
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger