General
Target: Install.exe
Size: 5.5MB
Sample: 221125-xapfjaae8s
MD5: a6d27af9e1aeda65750320d3a7709857
SHA1: f4f932ba69654deca7180f3a158aef8bf505e74d
SHA256: 0abe63273a67846206f8c9afa293e88f47e9fc033b56d0deea38670df1f86b21
SHA512: 478ef047a00f510fed99886806ba1a473c4e426d40ccb947163bce43f8da6ab988d22050529da2801c2c1536dbef0de18e3276d8c44dcb5c08b269ca4fdb9556
SSDEEP: 98304:ZHuFaBakaCMccv1BylO/G+WZSSIjteq7+LiTMwR4MlQlO8sip+94C7QWRqYPcfYX:ZcaBtgnvPylO/G30hteq7tT5Rzl+C6+4
Behavioral task: behavioral1
Sample: Install.exe
Resource: win10-20220812-en
Malware Config
Targets
Score: 10/10
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory