privateloader | fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...eb.exe

windows7-x64

JaffaCakes...eb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb
Size

673.0MB
Sample

241225-ekmqksxmer
MD5

7389ff07b95878e0ea9187a7739fb746
SHA1

617391ebe2718489a21ad293038181a4745681ef
SHA256

fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb
SHA512

4f35b2e254a202a28bb057e91aac2ee71bd46d874247d3e4d69c50e6272fa7a8583b9bea27a735f24c5234f874ff5ae112fa0b4522a96e0309620c6a9febeaa2
SSDEEP

98304:sUOZO4ffXp2w8Xj0btxlugie9ADfVKd2DITIo5QUt6gsoV3TAn0wupSE3+eL:ss4Ef0btxkU2UcoagBlsE3+e

Score

10^/10

privateloader discovery evasion loader themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb.exe

Resource

win7-20240903-en

privateloader discovery evasion loader themida trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb.exe

Resource

win10v2004-20241007-en

privateloader discovery evasion loader themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb
- Size
  
  673.0MB
- MD5
  
  7389ff07b95878e0ea9187a7739fb746
- SHA1
  
  617391ebe2718489a21ad293038181a4745681ef
- SHA256
  
  fa4babcd6f894a4e3d3a44a1fe9c8aab222f3df9b0c43b5aeefcbe7ab1e152eb
- SHA512
  
  4f35b2e254a202a28bb057e91aac2ee71bd46d874247d3e4d69c50e6272fa7a8583b9bea27a735f24c5234f874ff5ae112fa0b4522a96e0309620c6a9febeaa2
- SSDEEP
  
  98304:sUOZO4ffXp2w8Xj0btxlugie9ADfVKd2DITIo5QUt6gsoV3TAn0wupSE3+eL:ss4Ef0btxkU2UcoagBlsE3+e
Score

10^/10

privateloader discovery evasion loader themida trojan
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderdiscoveryevasionloaderthemidatrojan

behavioral2

privateloaderdiscoveryevasionloaderthemidatrojan

© 2018-2025

Terms | Privacy