privateloader | aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48 | Triage

Submit
Reports

Overview

overview

Static

static

AA79B85994...E0.exe

windows7-x64

AA79B85994...E0.exe

windows10-2004-x64

Sharing

General

Target

AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe
Size

3.4MB
Sample

220723-b93asabca6
MD5

8cb16836d413b3503fdad98fe3717d2f
SHA1

6676345eee8b504452bbd0d09031384a57e898c8
SHA256

aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48
SHA512

3dc17067a8e21219c8fc3493ef208840d46926539b2779af804d869c330fd1d3640cc1e6d23dc71241f306d461cc11940782476c91dc81c1121bff61440d67cd

Score

10^/10

privateloader vidar 706 aspackv2 loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe

Resource

win7-20220718-en

privateloader vidar 706 aspackv2 loader stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe

Resource

win10v2004-20220721-en

privateloader vidar 706 aspackv2 loader stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

privateloader

C2

http://37.0.10.214/proxies.txt

http://37.0.10.244/server.txt

http://wfsdragon.ru/api/setStats.php

37.0.10.237

Extracted

Family

vidar

Version

40.1

Botnet

706

C2

https://eduarroma.tumblr.com/

Attributes

profile_id
706

Targets

- Target
  
  AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exe
- Size
  
  3.4MB
- MD5
  
  8cb16836d413b3503fdad98fe3717d2f
- SHA1
  
  6676345eee8b504452bbd0d09031384a57e898c8
- SHA256
  
  aa79b859945459fd6d1363c35e68c9d2674a78f1fdee02b8ddfab9a8fa011b48
- SHA512
  
  3dc17067a8e21219c8fc3493ef208840d46926539b2779af804d869c330fd1d3640cc1e6d23dc71241f306d461cc11940782476c91dc81c1121bff61440d67cd
Score

10^/10

privateloader vidar 706 aspackv2 loader stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloadervidar706aspackv2loaderstealer

behavioral2

privateloadervidar706aspackv2loaderstealer

© 2018-2024

Terms | Privacy