General
Target: AppGate2103v01.exe
Size: 6.6MB
Sample: 240524-dyxbhabc8s
MD5: 04196b8a0869c9f19b3805b4f861a0e1
SHA1: 8ed2478e15af46fa12059bc2e47cc638f3238fb0
SHA256: 34f4c84b4046eb6c9b1a30ebaecc226f60170d8c575319354ae120c40e589973
SHA512: 84f9f1de0c8bacce56917e401b8d5ff6a5613b9e231877e8d8be37bdfc03718605f2de39066bafb7fa44435d6eab840ed9c4868716d5127c86f2111b24786e82
SSDEEP: 98304:txondzNbVrqNn9C18EPukfT6fys71nMBEKew2OfVcc:LSbqNn9C1LfT6nyBEKew2OfVcc
Behavioral task: behavioral1
Sample: AppGate2103v01.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: AppGate2103v01.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: AppGate2103v01.exe (6.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies firewall policy service
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger