privateloader

Sharing

Copy URL

Twitter E-mail

General

Target

WinRAR-ZIP-Archiv (neu).zip
Size

23.5MB
Sample

240501-y31jyaff6w
MD5

62bcd58e60ac45054f183dd28604c3ea
SHA1

20be755fe04d6b9dda7b0d7b96ffdabb89566c5e
SHA256

260a6dbcca13643e8bdffb89c2b935e85c9b27fe89cf0a0c0efb82263bc1bb48
SHA512

bf03e557824d7b68538b4fb46247be1ce5190a2f14fb9c0ee49afba45e36f675a373946ec66ae1566e393c13570d24c18478385e5e7d297cbd816e59042baf59
SSDEEP

393216:G+ZIxE2gPN71XfFZypubmSz3BeHsNo/7lmgBVH3P1t6zylHWzwt69OmylsvfmXCq:G+GxEDFNfFBbmTjTlVBV/1+iiTy4nOTN

Score

10^/10

Malware Config

Targets

- Target
  
  Neuer Ordner/Arxvestiy.exe
- Size
  
  24.1MB
- MD5
  
  422d34314b11f0c3fcc01384a1aa2cfa
- SHA1
  
  879686ece371c0db4a1c7a4411fe9759785debdb
- SHA256
  
  1032b5ba7302a7bd466427dac1c6c2339e4d8901370417bb265779be95462cd5
- SHA512
  
  78cd4c64cde2567e0b8639c22cdf17bff795c9946c7de21360f77b2c5f17810a2fc3447103d05bbc7bbe97c6a8dc1253fdead14f65188d47fd8b15279eaefac5
- SSDEEP
  
  786432:aGnDa8TnMExrvJ4FMW/wNPsgb1kI0vXOiqIz4k3OUqq/:aQcENvyYNEgbVq+hIzZqq/
Score

10^/10

evasion persistence themida trojan privateloader loader
- Modifies visiblity of hidden/system files in Explorer
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Neuer Ordner/SecureEngineSDK64.dll
- Size
  
  28KB
- MD5
  
  6d8722b257230e3f691197715ec2b4b1
- SHA1
  
  bf141f3aff5b5e1cd2f02a5d81125931ba4a842d
- SHA256
  
  175a75ca524b269b25fb5144dc0abb4ac9b1673852df3abfbd4f6c449e01827d
- SHA512
  
  b6d077c57780ab6d58649cee36a1016573adfcafcfa8c823297a19f8bb1d1ea0c1b613044076bcd805a0c18dc37a78208ebaa4d0e19c192b65415028355f1069
- SSDEEP
  
  192:3Mi08s5GvuxBdzbNEQaSpqX5xS5haVWUcSAfMVIBizxhv:cdZxBhaHfSsA0V
Score

1^/10
behavioral3 behavioral4
- Target
  
  Neuer Ordner/libcurl.dll
- Size
  
  497KB
- MD5
  
  65fbb7674548d159e5bc1c5bb5dda427
- SHA1
  
  87ae6fe4045bb4d50def309b24c96930b63b89b2
- SHA256
  
  b3548dc70f66694e37b10ff26237a0b8d553fe6e1ad55565893878f2455a18bf
- SHA512
  
  f2f096cde7cd03401f48b947a4dcdb0557de50483e6691bf1b46f20c5029b0b91e625aeb1a1357f195eb6d75cbbfc4b2eb0960a3dc2efd91a4835743783d6655
- SSDEEP
  
  12288:Z+YFNRqjLSbhPgVJlWbSsDU0Eah0KJdHFWW1moH:Z+6hPy2DU0Eah0K/FW7oH
Score

1^/10
behavioral5 behavioral6
- Target
  
  Neuer Ordner/zlib1.dll
- Size
  
  85KB
- MD5
  
  6b2cfe74852195fb8187f368b74f7635
- SHA1
  
  e23e54714355b852726e81a17c444059e0d1339c
- SHA256
  
  be93482393ca7d2b440d5559d86268758dadf2f13899978e0271ab1db06b8091
- SHA512
  
  6f3ffb5baf6d89ecd76fbdd949327ad12bcfc25b973dc81df498033e3dd65e4bb9774d696e4059abd336dff3cb219ed5a36d38e2e0f63dae2db22c96c359ccd6
- SSDEEP
  
  1536:kTHRfzojvOeiRMPrpbAE1ApOal2qk0MGmnToIfUIOcIOYGW3wY:UBzojvOeiRMTtAEepOT0PSTBf6SYfwY
Score

1^/10
behavioral7 behavioral8