privateloader

Sharing

General

Target

01e1bbb9bb2c3e5ed68df65a2846faa611ec9bfcbf664e0abd5b72005502cac4
Size

1.2MB
Sample

220801-tfpfyadccr
MD5

74fb663087b66cbbc305c940bd1090e6
SHA1

8fed8e979fd86ef3712ceb4d1a47d1bd670837e7
SHA256

01e1bbb9bb2c3e5ed68df65a2846faa611ec9bfcbf664e0abd5b72005502cac4
SHA512

1e7d224df8c2d07a9811bfa1548c7eb6fb5fd41f75ab4de888d410738ee77fa3673fc71afa31f4b094d2788154b6b5f1dfd8cb73bf510eb59068069a30b0a738

Score

10^/10

privateloader raccoon redline 4 @tag12312341 afb5c633c4650f69312baef49db9dfa4 alex f0c8034c83808635df0d9d8726d1bfd6 nam3 discovery infostealer loader spyware stealer

Malware Config

Extracted

Family

redline

Botnet

nam3

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

alex

185.106.92.128:16509

Attributes

auth_value
4f79d5b8f5aae9e19c9693489b4872c0

Extracted

Family

redline

Botnet

@tag12312341

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Extracted

Family

redline

Botnet

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

raccoon

Botnet

afb5c633c4650f69312baef49db9dfa4

http://77.73.132.84

rc4.plain

Extracted

Family

redline

185.215.113.46:8223

Attributes

auth_value
1c36b510dbc8ee0265942899b008d972

Extracted

Family

privateloader

http://163.123.143.4/proxies.txt

http://193.233.177.215/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

163.123.143.12

Extracted

Family

raccoon

Botnet

f0c8034c83808635df0d9d8726d1bfd6

http://45.95.11.158/

rc4.plain

Targets

- Target
  
  01e1bbb9bb2c3e5ed68df65a2846faa611ec9bfcbf664e0abd5b72005502cac4
- Size
  
  1.2MB
- MD5
  
  74fb663087b66cbbc305c940bd1090e6
- SHA1
  
  8fed8e979fd86ef3712ceb4d1a47d1bd670837e7
- SHA256
  
  01e1bbb9bb2c3e5ed68df65a2846faa611ec9bfcbf664e0abd5b72005502cac4
- SHA512
  
  1e7d224df8c2d07a9811bfa1548c7eb6fb5fd41f75ab4de888d410738ee77fa3673fc71afa31f4b094d2788154b6b5f1dfd8cb73bf510eb59068069a30b0a738
Score

10^/10

privateloader raccoon redline 4 @tag12312341 afb5c633c4650f69312baef49db9dfa4 alex f0c8034c83808635df0d9d8726d1bfd6 nam3 discovery infostealer loader spyware stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1