General
-
Target
File.zip
-
Size
6.7MB
-
Sample
221123-kbamjsgg65
-
MD5
02e7ca1129049755697c8185ac8f98b9
-
SHA1
19b0767579e4e249c186a5c99ddeb20eb59d65f5
-
SHA256
60c91275e72e426d18c59911b3284051196d398d01e69a3e2ddc4cdb15891e5c
-
SHA512
7acb046dea66ad144aeb15c6d913f4e7778193776f600db6c37f5435c23b77ffc6d041c38769300808287e45d28b950eadc53e709c5ae26c21f97c9dfc9cda91
-
SSDEEP
98304:QlA2Ah1WzTCMAiTJYbxGJQqeuHdUo/inp15EvNWFras60mFfx57Tv:UU1WnEMQpuHdUI81zl5mRT7z
Malware Config
Targets
-
-
Target
Install.exe
-
Size
679.0MB
-
MD5
d0dee3aac6a71aa9e9e4fc6e411574f0
-
SHA1
bb8446460a77e3b57efb3e6d0e9714ab5bf1ddf6
-
SHA256
aa37e35b0e18bd878d26854cb434a7a3e9447a576cfb0fd2002762f2d8907fda
-
SHA512
d0a9677372909afb7441aa351da32f62c2f59e081d76de2f3b8d318fb02d5c4534ff46cb7ae326e8547743416ac6cf8746c2b1399d5f737c1a35c2b8a3c66394
-
SSDEEP
98304:9jTrY/axAte0Lh4VswwO1He5+o36XLz/G3nuF2PmGwzkSLEXHdzjf+:V8deq4V7He5+aCzbQPwzs3BjW
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-