General
- Target: f0587649682207064554a2372966435d.exe
- Size: 6.6MB
- Sample: 240525-jbtvraae5x
- MD5: f0587649682207064554a2372966435d
- SHA1: 2e8b948dfcffceb8acf550a585d2ea127f28f41f
- SHA256: 6bd479dd9293043d4149641897629169df609adf72926d32adfe0094c583828e
- SHA512: f5d683b9f71f5f3647d0592f801c02f1dcea7eb49b16fa2e481487d0abc1770610dc9182148a68f749b19950fc3b122911ae0fd1b167ce5dde31931a14b45fdd
- SSDEEP: 49152:/d84kqSab6V599+xS6Zokh5QK4SbHo/xak/tMw1NxcwCr4RCmUUdr5snBK0PSGUh:/G4kwGb948Aok/+OwVRcwksVsnkL7
Behavioral task: behavioral1
- Sample: f0587649682207064554a2372966435d.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: f0587649682207064554a2372966435d.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: f0587649682207064554a2372966435d.exe
- Size: 6.6MB
- MD5: f0587649682207064554a2372966435d
- SHA1: 2e8b948dfcffceb8acf550a585d2ea127f28f41f
- SHA256: 6bd479dd9293043d4149641897629169df609adf72926d32adfe0094c583828e
- SHA512: f5d683b9f71f5f3647d0592f801c02f1dcea7eb49b16fa2e481487d0abc1770610dc9182148a68f749b19950fc3b122911ae0fd1b167ce5dde31931a14b45fdd
- SSDEEP: 49152:/d84kqSab6V599+xS6Zokh5QK4SbHo/xak/tMw1NxcwCr4RCmUUdr5snBK0PSGUh:/G4kwGb948Aok/+OwVRcwksVsnkL7
- Score: 10/10
- Modifies firewall policy service
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger