Overview

overview

10

Static

static

D626B63E65...B1.exe

windows7-x64

10

D626B63E65...B1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2022 17:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    D626B63E65618C3912E53028484168DC213F2BF7CC5B1.exe

  • Size

    299KB

  • MD5

    004b18c66d7b92eeaeeb6a5f5a6412e2

  • SHA1

    80476ca6f5edc43102e1d3f57f0fbb51cab000d4

  • SHA256

    d626b63e65618c3912e53028484168dc213f2bf7cc5b1576bc02817d00724c2d

  • SHA512

    f29db0f1d03b0876029550a0409a95c2cb9fd7f5ee7abe93cfa96413fd00fe7ae763434f4071dc323ebd588da015afb9d81832549b44fb15a0acb24cf903c67a

  • SSDEEP

    3072:87n4Miogzkfb96qKkX0d90J7l5Xf6aG8HpxSYW7NMliBpCDUHv8axujqN:44f/gfb9JlEdCHVG8JQYq3PHvZuj

Score
10/10
privateloaderloader

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://45.144.225.57/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

2.56.59.42

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs

Processes

  • C:\Users\Admin\AppData\Local\Temp\D626B63E65618C3912E53028484168DC213F2BF7CC5B1.exe
    "C:\Users\Admin\AppData\Local\Temp\D626B63E65618C3912E53028484168DC213F2BF7CC5B1.exe"
    1⤵
      PID:4104

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4104-132-0x000000000050E000-0x000000000052A000-memory.dmp
      Filesize

      112KB

      Download
    • memory/4104-133-0x00000000021E0000-0x0000000002213000-memory.dmp
      Filesize

      204KB

      Download
    • memory/4104-134-0x0000000000400000-0x0000000000456000-memory.dmp
      Filesize

      344KB

      Download
    • memory/4104-135-0x0000000000400000-0x0000000000456000-memory.dmp
      Filesize

      344KB

      Download