General
Target: file
Size: 386KB
Sample: 221103-n1akmacbcj
MD5: 2cacbcd2cc6cbaac2ab0270f5e341d50
SHA1: da3aea62ddf57c895acf630b62e972ef70defb60
SHA256: a3694a1695f21ff234a62d22c6d98dd4f5a7fd3e0edb25b0830d40612196e922
SHA512: 6eef2ee4b169b14dbe5ee794556e82382e305dae1890b7b8e0acaaf44e17446def261fee1f86deeabccc77fc58577c4ab08bdba567f6ca651ec2c6348b811489
SSDEEP: 12288:edXL4sFzfWs/Dtr6oYcxh2MdRog6EQpbief:E4IW0pr6cX2sojJief
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted family: privateloader
Extracted C2 URL: http://108.174.200.11/MWTSL
Targets
Score: 10/10
Signatures
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (tactic column headings only): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation