General
Target: 4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
Size: 3.3MB
Sample: 240528-mgws3sgf65
MD5: 2cd1c0c32272ec4d63f1c4d47528d8f5
SHA1: 76ff3a803b1a7f133c23621e77e9befebacde140
SHA256: 4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
SHA512: 63460c1822a4431ff1941868d49c078c5493b7875f9f112dcda7dd1a4deb07435249e13605d2622e750c9e21b5e4820b2405a1023efcd5a7587fab7cea7dd116
SSDEEP: 49152:7S4le0H+8RtHhu77Jx04Q1kq54w2W8X8grM0pk6ZnyEtYE7S0EfJt2:7g0/49xckq5I8ZKxzm5x
Static task: static1
Behavioral task: behavioral1
Sample: 4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8.exe
Resource: win10v2004-20240426-en
Behavioral task: behavioral2
Sample: 4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8.exe
Resource: win11-20240508-en
Malware Config
Targets
Target: 4e93e231a8414c142de58992a79d60b5c4625a1421903e52647b091f421782b8
Score: 10/10
- Modifies firewall policy service
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger