General
Target: driver_booster_setup.exe
Size: 28.4MB
Sample: 240509-ct5lmsdc8z
MD5: 19af89225259bf9ee269a74bbe85e6c2
SHA1: f9455e4e7f68de76304567ee41d8dc4f1126a1f3
SHA256: 754eb8ab055095715c03f76840a42588e375b8f7b72d2c8bb7580456b26524b4
SHA512: 381424332a501c805661501a1e7f5e257be48cbe9a99d1a06bda5a73c7486b171983a03396248f2913104829c1b8abb28cd1dbb654163d7527dbcdded4f4596f
SSDEEP: 786432:ek67n39eN9LkC75Suthgp2tF+IUT8mCN0tqMYsiFJn4FV:g39eF7YurgQ/MJzFV
Static task: static1
Malware Config
Targets
Target: driver_booster_setup.exe
Size: 28.4MB
MD5: 19af89225259bf9ee269a74bbe85e6c2
SHA1: f9455e4e7f68de76304567ee41d8dc4f1126a1f3
SHA256: 754eb8ab055095715c03f76840a42588e375b8f7b72d2c8bb7580456b26524b4
SHA512: 381424332a501c805661501a1e7f5e257be48cbe9a99d1a06bda5a73c7486b171983a03396248f2913104829c1b8abb28cd1dbb654163d7527dbcdded4f4596f
SSDEEP: 786432:ek67n39eN9LkC75Suthgp2tF+IUT8mCN0tqMYsiFJn4FV:g39eF7YurgQ/MJzFV
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software: Detects a file packed with ACProtect software.
- Downloads MZ/PE file
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter: 1
- System Services: 1
- Service Execution: 1
Defense Evasion
- Impair Defenses: 1
- Modify Registry: 1
- Subvert Trust Controls: 1
- Install Root Certificate: 1