privateloader | 5e440e04f382464db10245c9f730d64d839368ef763bb564deadcacafb24e32b | Triage

Submit
Reports

Overview

overview

Static

static

5E440E04F3...BB.exe

windows7-x64

5E440E04F3...BB.exe

windows10-2004-x64

Sharing

General

Target

5E440E04F382464DB10245C9F730D64D839368EF763BB.exe
Size

3.2MB
Sample

220730-zja1lsgden
MD5

51f897624058278c2e5e68bc78f30c51
SHA1

98a5054d035323b02d8e513994231c08ebbba5b6
SHA256

5e440e04f382464db10245c9f730d64d839368ef763bb564deadcacafb24e32b
SHA512

6ca87ae92b32efe818ab2954060ceae44b4e622b4b5907cab68171b3c6f773ac3a47574088419ec3b8fbe7857953806438bde55353c372935e04800a37456872

Score

10^/10

privateloader vidar 706 aspackv2 loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

5E440E04F382464DB10245C9F730D64D839368EF763BB.exe

Resource

win7-20220718-en

privateloader vidar 706 aspackv2 loader stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

5E440E04F382464DB10245C9F730D64D839368EF763BB.exe

Resource

win10v2004-20220721-en

privateloader vidar 706 aspackv2 loader stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

39.7

Botnet

706

C2

https://shpak125.tumblr.com/

Attributes

profile_id
706

Targets

- Target
  
  5E440E04F382464DB10245C9F730D64D839368EF763BB.exe
- Size
  
  3.2MB
- MD5
  
  51f897624058278c2e5e68bc78f30c51
- SHA1
  
  98a5054d035323b02d8e513994231c08ebbba5b6
- SHA256
  
  5e440e04f382464db10245c9f730d64d839368ef763bb564deadcacafb24e32b
- SHA512
  
  6ca87ae92b32efe818ab2954060ceae44b4e622b4b5907cab68171b3c6f773ac3a47574088419ec3b8fbe7857953806438bde55353c372935e04800a37456872
Score

10^/10

privateloader vidar 706 aspackv2 loader stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

privateloadervidar706aspackv2loaderstealer

behavioral2

privateloadervidar706aspackv2loaderstealer

© 2018-2024

Terms | Privacy