General
-
Target
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
-
Size
6.3MB
-
Sample
240526-q7sqwshe69
-
MD5
1306e81bc13677c04abe69a1d2ca4e12
-
SHA1
71e0de1475bbdfd9d244613d733ef33cf531e89c
-
SHA256
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
-
SHA512
413f356c8f556e720b0677d88e1d4328a21983e6ffc0f1c49ac19bde9df5e787409e2d7520e557ee7eeee39377140bc2a756aa2eb959c7b397ac3a7b124f86f2
-
SSDEEP
98304:vMlj6Zrx1GIpunUNmw6M47l6xhi91sq0Na3PNSw+i35dbX7MztyszU:EluZrf6nUeNlv91sFA3lEk5dbX7Mz8V
Behavioral task
behavioral1
Sample
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
-
Size
6.3MB
-
MD5
1306e81bc13677c04abe69a1d2ca4e12
-
SHA1
71e0de1475bbdfd9d244613d733ef33cf531e89c
-
SHA256
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
-
SHA512
413f356c8f556e720b0677d88e1d4328a21983e6ffc0f1c49ac19bde9df5e787409e2d7520e557ee7eeee39377140bc2a756aa2eb959c7b397ac3a7b124f86f2
-
SSDEEP
98304:vMlj6Zrx1GIpunUNmw6M47l6xhi91sq0Na3PNSw+i35dbX7MztyszU:EluZrf6nUeNlv91sFA3lEk5dbX7Mz8V
Score10/10-
Modifies firewall policy service
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-