General

  • Target

    LisectAVT_2403002B_181.exe

  • Size

    4.8MB

  • Sample

    240725-bc823ayapm

  • MD5

    e5cf3fd14ed4f4a7ce9b5d8a53d46f8e

  • SHA1

    55eb77f143985da49eb6d8973a1c13bdbab3add9

  • SHA256

    e7bfcde779566ca5c950d7f9602a11f83ef54a746f53406649e88884313a469f

  • SHA512

    6ed17418640c80ee707f9be563afe0d6173abc85e773bb4f2f3f29f95be885abebb2d481376ae5036d4ac492a7c1e3aaf5ccf25f6325639f51ef90e11f358b5d

  • SSDEEP

    98304:GiIOIQKetb5uDv/tFAOoLKSIc5EP61wNYZiu7JfQmEM9:rIbCEA1EP614g9fQm59

Malware Config

Extracted

Family

privateloader

C2

208.67.104.60

Targets

    • Target

      LisectAVT_2403002B_181.exe

    • Size

      4.8MB

    • MD5

      e5cf3fd14ed4f4a7ce9b5d8a53d46f8e

    • SHA1

      55eb77f143985da49eb6d8973a1c13bdbab3add9

    • SHA256

      e7bfcde779566ca5c950d7f9602a11f83ef54a746f53406649e88884313a469f

    • SHA512

      6ed17418640c80ee707f9be563afe0d6173abc85e773bb4f2f3f29f95be885abebb2d481376ae5036d4ac492a7c1e3aaf5ccf25f6325639f51ef90e11f358b5d

    • SSDEEP

      98304:GiIOIQKetb5uDv/tFAOoLKSIc5EP61wNYZiu7JfQmEM9:rIbCEA1EP614g9fQm59

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks