General
-
Target
Install.zip
-
Size
5.7MB
-
Sample
221123-kbaybacb8s
-
MD5
973642a158bca9861af32a0f6d40d5c4
-
SHA1
d09db919359a43a52e9286d3a01a663f0487b654
-
SHA256
48530bf4c662b6b104a304696ab4597de2b0ff78af1c7fefc8d0692ed019848e
-
SHA512
49b2e0b0b3ef5814424e07c3dc3615c5970b6360de24a857863866d7c7cb26a098c1b3af9bb8e947eade64e17902fba01f4e713c28a4c9596954410689133907
-
SSDEEP
98304:oITNm564zWizza1zskKD8XRzXaHbKBvS1GRl9wLX95AE74:VTNm5LW86skkIzBRSQijX74
Malware Config
Targets
-
-
Target
Install.exe
-
Size
679.0MB
-
MD5
d0dee3aac6a71aa9e9e4fc6e411574f0
-
SHA1
bb8446460a77e3b57efb3e6d0e9714ab5bf1ddf6
-
SHA256
aa37e35b0e18bd878d26854cb434a7a3e9447a576cfb0fd2002762f2d8907fda
-
SHA512
d0a9677372909afb7441aa351da32f62c2f59e081d76de2f3b8d318fb02d5c4534ff46cb7ae326e8547743416ac6cf8746c2b1399d5f737c1a35c2b8a3c66394
-
SSDEEP
98304:9jTrY/axAte0Lh4VswwO1He5+o36XLz/G3nuF2PmGwzkSLEXHdzjf+:V8deq4V7He5+aCzbQPwzs3BjW
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-