privateloader | 4762f9b832a0f5b565090b5b765c943425bdad0841a185c9d91b1a09c7278b3a | Triage

Sharing

General

Target

file.exe
Size

254KB
Sample

221124-rx2rgsag68
MD5

ab8892814d225964d8555a6de9b573a1
SHA1

71912b07502b59e35e19ec944ffe63b1d68a0c4f
SHA256

4762f9b832a0f5b565090b5b765c943425bdad0841a185c9d91b1a09c7278b3a
SHA512

5f2032e0d25a3d923db919309527b21ebe2e41d959af207e2bf4e9ce38852897b53cdb33d60573fb9d854b8424abff021b6742fe78f6be84346a80e46fb3e848
SSDEEP

6144:gJCl3eGrU+IRFtM+yJ4wMp5+6k9PbNiWiehbSLsAz:gsMBTtMpmJ+pcdGAz

Score

10^/10

privateloader loader

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  254KB
- MD5
  
  ab8892814d225964d8555a6de9b573a1
- SHA1
  
  71912b07502b59e35e19ec944ffe63b1d68a0c4f
- SHA256
  
  4762f9b832a0f5b565090b5b765c943425bdad0841a185c9d91b1a09c7278b3a
- SHA512
  
  5f2032e0d25a3d923db919309527b21ebe2e41d959af207e2bf4e9ce38852897b53cdb33d60573fb9d854b8424abff021b6742fe78f6be84346a80e46fb3e848
- SSDEEP
  
  6144:gJCl3eGrU+IRFtM+yJ4wMp5+6k9PbNiWiehbSLsAz:gsMBTtMpmJ+pcdGAz
Score

10^/10

privateloader loader
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Loads dropped DLL
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderloader

behavioral2

privateloaderloader