General
Target: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2
Size: 4.6MB
Sample: 240801-2ewgvszbkp
MD5: 9f94ba372ce87a8ec90f0a43b6b9f7b6
SHA1: 19777ba5b1006b5906fdccecc079a4d239bed187
SHA256: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2
SHA512: b11cfad7da0254554524862fdc00baa85ebf7e774fc0eb5e94ca70838dda2339231daef65e7cbce56283ca30888e9dd2239a205da1f0b11672aeedd442b5ff44
SSDEEP: 98304:MSyPy1mHB7Dt4i2bXcFTe24oFX/wJO4wHkUmRKlDfO15IZ0:MSCyUHVii2bXkT5Za5RKlDfO1qZ0
Behavioral task: behavioral1
Sample: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2.exe
Resource: win10-20240404-en
Malware Config
Extracted family: risepro
Extracted addresses:
- 194.110.13.70
- 147.45.47.169
Targets
Target: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2
Size: 4.6MB
MD5: 9f94ba372ce87a8ec90f0a43b6b9f7b6
SHA1: 19777ba5b1006b5906fdccecc079a4d239bed187
SHA256: 0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2
SHA512: b11cfad7da0254554524862fdc00baa85ebf7e774fc0eb5e94ca70838dda2339231daef65e7cbce56283ca30888e9dd2239a205da1f0b11672aeedd442b5ff44
SSDEEP: 98304:MSyPy1mHB7Dt4i2bXcFTe24oFX/wJO4wHkUmRKlDfO15IZ0:MSCyUHVii2bXkT5Za5RKlDfO1qZ0

Signatures
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)