General
-
Target
b542adb1e853812925a1b5a1d1feac30125f05a9d7d0b1adce9ef4c6354c1066
-
Size
6.4MB
-
Sample
240529-rcbpkagf8w
-
MD5
0e0938f8a7266056305bfedda7e1e78a
-
SHA1
2b4aa419957936fa6c6a2afbadb6bc30c1c4895d
-
SHA256
b542adb1e853812925a1b5a1d1feac30125f05a9d7d0b1adce9ef4c6354c1066
-
SHA512
4c430686f61843fc17c67fa8e78357f576620937137b7153bd2da4cc4f73a104130c221f24fb8060a767eac178bb6b319763b964eeffaa339b73cce444286490
-
SSDEEP
98304:4fKBVJH2ukk8UDoy0TP8ElpHStcppg2uxy9hRPOcTt98jqgEsNjGmxjdc+X:KeVJYEJ09vxpi4IcRsF5X
Malware Config
Targets
-
-
Target
b542adb1e853812925a1b5a1d1feac30125f05a9d7d0b1adce9ef4c6354c1066
-
Size
6.4MB
-
MD5
0e0938f8a7266056305bfedda7e1e78a
-
SHA1
2b4aa419957936fa6c6a2afbadb6bc30c1c4895d
-
SHA256
b542adb1e853812925a1b5a1d1feac30125f05a9d7d0b1adce9ef4c6354c1066
-
SHA512
4c430686f61843fc17c67fa8e78357f576620937137b7153bd2da4cc4f73a104130c221f24fb8060a767eac178bb6b319763b964eeffaa339b73cce444286490
-
SSDEEP
98304:4fKBVJH2ukk8UDoy0TP8ElpHStcppg2uxy9hRPOcTt98jqgEsNjGmxjdc+X:KeVJYEJ09vxpi4IcRsF5X
Score10/10-
Modifies firewall policy service
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-