General
-
Target
file
-
Size
3.6MB
-
Sample
221103-n471ascben
-
MD5
ad76b7a227250b281d144ec4228d59c1
-
SHA1
4f4efc232ac514bcb5062c123dcb22f2f2e77702
-
SHA256
145ec3f58b61c2fdc0a0720271665b0c0bff700d0a905d52b0871b51809ff7d2
-
SHA512
4af96adda83fbf2e61b0ad49edf832f7b64d104a42d1598c7e4c4867b9cc03ed1dd8ea6774f92922b1391b515158628ff6706ee732a4d1fc592a683170f9bd6c
-
SSDEEP
98304:MAtyd45GYd/syQ7bmEnOdSMPkQxlaBS/hVEl:MAty25BSvvmmOdSwkKYt
Malware Config
Targets
-
-
Target
file
-
Size
3.6MB
-
MD5
ad76b7a227250b281d144ec4228d59c1
-
SHA1
4f4efc232ac514bcb5062c123dcb22f2f2e77702
-
SHA256
145ec3f58b61c2fdc0a0720271665b0c0bff700d0a905d52b0871b51809ff7d2
-
SHA512
4af96adda83fbf2e61b0ad49edf832f7b64d104a42d1598c7e4c4867b9cc03ed1dd8ea6774f92922b1391b515158628ff6706ee732a4d1fc592a683170f9bd6c
-
SSDEEP
98304:MAtyd45GYd/syQ7bmEnOdSMPkQxlaBS/hVEl:MAty25BSvvmmOdSwkKYt
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-