privateloader | ecfe6fb22dff160829a258b0dc35703846e8eb30bc16e1ce549321736b89b448 | Triage

Submit
Reports

Overview

overview

Static

static

7

7298b43de9...b9.exe

windows7-x64

7298b43de9...b9.exe

windows10-2004-x64

Sharing

General

Target

ecfe6fb22dff160829a258b0dc35703846e8eb30bc16e1ce549321736b89b448
Size

4.1MB
Sample

240516-c7fjnsgh3y
MD5

82e10f630345d4ed1541cd51798727a3
SHA1

142ecdb9590f66681b6e44d63779b0229ea66d92
SHA256

ecfe6fb22dff160829a258b0dc35703846e8eb30bc16e1ce549321736b89b448
SHA512

5f88195d3c6f9dd7cfbe9d50e13b99ba24dbac8ea8cd4ac9294bcbcd5bf760d272c5afaceaa5dd7f37dd538f6419fb0d23f50f763627bab6369506b1e6ece1dc
SSDEEP

98304:LhwSfKFGr6OtN7zTmgPG2exz5cLbanfBJDQk+E9cPZZbK:Lh/LZFo5IanfXDQk+E5

Score

10^/10

privateloader evasion loader themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe

Resource

win7-20240221-en

privateloader evasion loader themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe

Resource

win10v2004-20240426-en

privateloader evasion loader themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe
- Size
  
  4.2MB
- MD5
  
  362697c95a1c9964af1ab23ddfc29b04
- SHA1
  
  64f71233a4e12a1eab40fc9501c4f8c4c9eacba4
- SHA256
  
  7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9
- SHA512
  
  e100db0020c09ae6e4e8d08c2aca00a4ad4c9efffd01902c9fa502a17d43a86e842177d8191a06b6a996c1523c9d127fc34352721f726f46308af764a0404120
- SSDEEP
  
  98304:o8wDn6ZtqG8Qf1VbnrTVi6bXD4ItYZpKFpzDtnROkTgZKL1UJ:ojL6Zt0QPDDbzHOKFpTOkM4LyJ
Score

10^/10

privateloader evasion loader themida trojan
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderevasionloaderthemidatrojan

behavioral2

privateloaderevasionloaderthemidatrojan

© 2018-2025

Terms | Privacy