General
-
Target
file.exe
-
Size
254KB
-
Sample
221124-rx2rgsag68
-
MD5
ab8892814d225964d8555a6de9b573a1
-
SHA1
71912b07502b59e35e19ec944ffe63b1d68a0c4f
-
SHA256
4762f9b832a0f5b565090b5b765c943425bdad0841a185c9d91b1a09c7278b3a
-
SHA512
5f2032e0d25a3d923db919309527b21ebe2e41d959af207e2bf4e9ce38852897b53cdb33d60573fb9d854b8424abff021b6742fe78f6be84346a80e46fb3e848
-
SSDEEP
6144:gJCl3eGrU+IRFtM+yJ4wMp5+6k9PbNiWiehbSLsAz:gsMBTtMpmJ+pcdGAz
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
254KB
-
MD5
ab8892814d225964d8555a6de9b573a1
-
SHA1
71912b07502b59e35e19ec944ffe63b1d68a0c4f
-
SHA256
4762f9b832a0f5b565090b5b765c943425bdad0841a185c9d91b1a09c7278b3a
-
SHA512
5f2032e0d25a3d923db919309527b21ebe2e41d959af207e2bf4e9ce38852897b53cdb33d60573fb9d854b8424abff021b6742fe78f6be84346a80e46fb3e848
-
SSDEEP
6144:gJCl3eGrU+IRFtM+yJ4wMp5+6k9PbNiWiehbSLsAz:gsMBTtMpmJ+pcdGAz
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-