General
-
Target
d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
-
Size
6.1MB
-
Sample
240527-nls4eshf9v
-
MD5
ef25d40267a23924210989a31b6fe6ab
-
SHA1
8642da158dee5ff584c462c51b11b47401dcfea6
-
SHA256
d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
-
SHA512
3df37b6b3da77e5efd4f17bc4a3b2769009b943612187ae21552d671f4e4a23a43a7fc468cade4e7aa4a9f08b08a4cbb46d15a535935102578210bc9e5bbcfe1
-
SSDEEP
98304:hgEryB3dLCnvXgjvC8giqW/qGXbWg555yo3uZuuLnWfOPEI1:WSsNLCnvgjvrgiFqChN3uZuuLnWfO8I1
Malware Config
Targets
-
-
Target
d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
-
Size
6.1MB
-
MD5
ef25d40267a23924210989a31b6fe6ab
-
SHA1
8642da158dee5ff584c462c51b11b47401dcfea6
-
SHA256
d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
-
SHA512
3df37b6b3da77e5efd4f17bc4a3b2769009b943612187ae21552d671f4e4a23a43a7fc468cade4e7aa4a9f08b08a4cbb46d15a535935102578210bc9e5bbcfe1
-
SSDEEP
98304:hgEryB3dLCnvXgjvC8giqW/qGXbWg555yo3uZuuLnWfOPEI1:WSsNLCnvgjvrgiFqChN3uZuuLnWfO8I1
Score10/10-
Modifies firewall policy service
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-