General
Target: AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe
Size: 3.4MB
Sample: 220723-b93asabca6
MD5: 8cb16836d413b3503fdad98fe3717d2f
SHA1: 6676345eee8b504452bbd0d09031384a57e898c8
SHA256: aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48
SHA512: 3dc17067a8e21219c8fc3493ef208840d46926539b2779af804d869c330fd1d3640cc1e6d23dc71241f306d461cc11940782476c91dc81c1121bff61440d67cd
Static task: static1
Behavioral task: behavioral1
  Sample: AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe
  Resource: win7-20220718-en
Malware Config
Extracted: privateloader
  http://37.0.10.214/proxies.txt
  http://37.0.10.244/server.txt
  http://wfsdragon.ru/api/setStats.php
  37.0.10.237
Extracted: vidar
  40.1
  706
  https://eduarroma.tumblr.com/
  profile_id: 706
Targets
Target: AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe (size and MD5/SHA1/SHA256/SHA512 as listed under General)
  PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  Vidar Stealer
  Executes dropped EXE
  Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
  Loads dropped DLL