Overview

overview

10

Static

static

3

LisectAVT_...81.exe

windows7-x64

10

LisectAVT_...81.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LisectAVT_2403002B_181.exe

  • Size

    4.8MB

  • Sample

    240725-bc823ayapm

  • MD5

    e5cf3fd14ed4f4a7ce9b5d8a53d46f8e

  • SHA1

    55eb77f143985da49eb6d8973a1c13bdbab3add9

  • SHA256

    e7bfcde779566ca5c950d7f9602a11f83ef54a746f53406649e88884313a469f

  • SHA512

    6ed17418640c80ee707f9be563afe0d6173abc85e773bb4f2f3f29f95be885abebb2d481376ae5036d4ac492a7c1e3aaf5ccf25f6325639f51ef90e11f358b5d

  • SSDEEP

    98304:GiIOIQKetb5uDv/tFAOoLKSIc5EP61wNYZiu7JfQmEM9:rIbCEA1EP614g9fQm59

Score
10/10
privateloaderdiscoveryevasionloadertrojan

Malware Config

Extracted

Family

privateloader

C2

208.67.104.60

Targets

    • Target

      LisectAVT_2403002B_181.exe

    • Size

      4.8MB

    • MD5

      e5cf3fd14ed4f4a7ce9b5d8a53d46f8e

    • SHA1

      55eb77f143985da49eb6d8973a1c13bdbab3add9

    • SHA256

      e7bfcde779566ca5c950d7f9602a11f83ef54a746f53406649e88884313a469f

    • SHA512

      6ed17418640c80ee707f9be563afe0d6173abc85e773bb4f2f3f29f95be885abebb2d481376ae5036d4ac492a7c1e3aaf5ccf25f6325639f51ef90e11f358b5d

    • SSDEEP

      98304:GiIOIQKetb5uDv/tFAOoLKSIc5EP61wNYZiu7JfQmEM9:rIbCEA1EP614g9fQm59

    Score
    10/10
    privateloaderdiscoveryevasionloadertrojan

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks