General

  • Target

    94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61.exe

  • Size

    5.1MB

  • Sample

    240523-b6ys7ahb71

  • MD5

    029b4a16951a6fb1f6a1fda9b39769b7

  • SHA1

    a64e56dc24e713637af0ef71b279f39843e0f0eb

  • SHA256

    94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61

  • SHA512

    3a117b879f96c42387cc088a2f05f441222f0dfbfb4f405f1e09bc03f92cdfb27ffa986a1f9ad4ad1e6e8d2387d3c367a54dcf51a7c2e1f32f48fb15b8406bfc

  • SSDEEP

    98304:tfblDCLzsVGzo6WvZ4vALxjloC4/ozr0J:tblO8V+o6dv4iFAnc

Malware Config

Targets

    • Target

      94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61.exe

    • Size

      5.1MB

    • MD5

      029b4a16951a6fb1f6a1fda9b39769b7

    • SHA1

      a64e56dc24e713637af0ef71b279f39843e0f0eb

    • SHA256

      94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61

    • SHA512

      3a117b879f96c42387cc088a2f05f441222f0dfbfb4f405f1e09bc03f92cdfb27ffa986a1f9ad4ad1e6e8d2387d3c367a54dcf51a7c2e1f32f48fb15b8406bfc

    • SSDEEP

      98304:tfblDCLzsVGzo6WvZ4vALxjloC4/ozr0J:tblO8V+o6dv4iFAnc

    • Modifies firewall policy service

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks