General
- Target: fcc22a367ed0a8d8de94f5159ab12c32606f97326b832eb47327b7707ba457a6
- Size: 3.8MB
- Sample: 241027-nmrlzsvlcm
- MD5: 193692e1cf957eef7e6cf2f6bc74be86
- SHA1: 9d1f849b57c96ca71f0f90c73de97fa912b691d7
- SHA256: fcc22a367ed0a8d8de94f5159ab12c32606f97326b832eb47327b7707ba457a6
- SHA512: d0bcad2b98e5efc9c767f9a6ad87a6d62638131753bff22b21b883d90c23be17b65594b6d8c4510b255f28806b2a1dc2a01fc0e2138c3146d6e64abcd4a37697
- SSDEEP: 98304:agjjIlB/cHzyG0hlcX8fjr3oS6QLErN4QkMvqs:agwUTyGR8rqa7QkMis
Behavioral task: behavioral1
- Sample: fcc22a367ed0a8d8de94f5159ab12c32606f97326b832eb47327b7707ba457a6.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: fcc22a367ed0a8d8de94f5159ab12c32606f97326b832eb47327b7707ba457a6.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: fcc22a367ed0a8d8de94f5159ab12c32606f97326b832eb47327b7707ba457a6
Score: 10/10

- Modifies firewall policy service
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Privateloader family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger