privateloader

Sharing

General

Target

315118d1d693359118ceee69a1c482b01fe4eee8e97bb646c49825a4dcec1ffd
Size

1.4MB
Sample

220726-n7bq9scfd6
MD5

4aee1a800982513b84e37b09e8cc9483
SHA1

55c3d9f1a66c0455337a387f4e15af7785a45c51
SHA256

315118d1d693359118ceee69a1c482b01fe4eee8e97bb646c49825a4dcec1ffd
SHA512

ea65f2d7702ec05f685906ad9dde9283d5994c17ba6ef32afc9a0d321325d33e1b359fa50a986ea44e56b6529a40d48facdfca84860974e6b0cb9ea6d9f79da3

Score

10^/10

privateloader redline 4 5076357887 @tag12312341 https://t.me/insttailer nam3 discovery infostealer loader persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

nam3

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

redline

Botnet

https://t.me/insttailer

185.199.224.90:37143

Attributes

auth_value
1e73e022970e3ad55c62cb5010e7599b

Extracted

Family

redline

Botnet

5076357887

185.87.149.167:31402

Attributes

auth_value
0dfaff60271d374d0c206d19883e06f3

Extracted

Family

privateloader

http://163.123.143.4/proxies.txt

http://193.233.177.215/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

163.123.143.12

Targets

- Target
  
  315118d1d693359118ceee69a1c482b01fe4eee8e97bb646c49825a4dcec1ffd
- Size
  
  1.4MB
- MD5
  
  4aee1a800982513b84e37b09e8cc9483
- SHA1
  
  55c3d9f1a66c0455337a387f4e15af7785a45c51
- SHA256
  
  315118d1d693359118ceee69a1c482b01fe4eee8e97bb646c49825a4dcec1ffd
- SHA512
  
  ea65f2d7702ec05f685906ad9dde9283d5994c17ba6ef32afc9a0d321325d33e1b359fa50a986ea44e56b6529a40d48facdfca84860974e6b0cb9ea6d9f79da3
Score

10^/10

privateloader redline 4 5076357887 @tag12312341 https://t.me/insttailer nam3 discovery infostealer loader persistence spyware stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1