Overview

overview

10

Static

static

fc708c22ac...0b.exe

windows7-x64

10

fc708c22ac...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc708c22acda37fb50cea6d603cb794852d8311349970461b178ff66dedccc0b.zip

  • Size

    5.1MB

  • Sample

    221128-kwtadsbc49

  • MD5

    fc8757b16f660c77a9323dc58f658fb9

  • SHA1

    5efbae311ad62c256ed27cacfd16cc8846934811

  • SHA256

    f8f1e16fa231b9deaea47439dfca1c625296bc09be9c476b3f7b29694bd49a82

  • SHA512

    8e616c34e9377dfcb3812b716ce5c7d9ff74120c4c4e79d2e034803e98371ecb83d84ca2b4c016e158766cfce125a250b177ebac1624d70868d7d9b5f845ea37

  • SSDEEP

    98304:zmFcRu80U650Ic29SwW3CnNOFhiCx78z9strZeAvkyfRXHIMJt+mLOQKb5V:zmFDf50I6wW3CNSt7F19tfBdVgT

Score
10/10
privateloaderloaderspywarestealer

Malware Config

Targets

    • Target

      fc708c22acda37fb50cea6d603cb794852d8311349970461b178ff66dedccc0b

    • Size

      5.2MB

    • MD5

      cbe30f7bff71640a9c3421adb13e5e82

    • SHA1

      0fb009f9cc8a82c31f31a78f5ed11bd84cec97b3

    • SHA256

      fc708c22acda37fb50cea6d603cb794852d8311349970461b178ff66dedccc0b

    • SHA512

      78d01135904927bf8db93801231d7b3ac1f5788af02338d43def15ac183bdebe078d2ff04265a01ce608a79d9535e08778ed332d1c9237d15a64ae59b25b1fe5

    • SSDEEP

      98304:09ENOVKAD83t83o4HtaADJIItAte0exO7baEv3JSew4HqetOXfacKq:ZNxY3o4Z0eCWO3oewiKXfJ

    Score
    10/10
    privateloaderloaderspywarestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks