General
Target: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7
Size: 6MB
Sample: 230129-yby7ssbb39
MD5: 0263be34f2e00787125321e5d67188c0
SHA1: 070c93dcad0988ffaa1b85452c0e8213400931b3
SHA256: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7
SHA512: 1468320645f928de66eb3eb8543e50d6677f7d462b02884212cc4b27c3a26ca094ecac5c11bfd3710c75d0af1cb0b82c1e26988adb1db9afbff794a84609e4ed
SSDEEP: 98304:1mm4zcSJVdEdF2U259PTFwUHcCDUFeOsR7maiBZKmDqs0eYfe+gVVtTcM/pC:1I6rGHxVUX63Hs0eYfvcVtTl
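Before pivoting on any of the indicators above, confirm that the file on disk is the one the report describes. The following is an added example (not part of the sandbox report) that recomputes the four cryptographic digests in a single pass and compares them with the values published on the page. The expected hashes are copied from the report; the bytes hashed in the demonstration are constructed and deliberately do not match, which is the mismatch case the check exists to catch. SSDEEP is not in the Python standard library and is left out here.

```python
"""Verify a local sample against the hashes published in the sandbox report.

Added example, not the report's own tooling. REPORT_HASHES are the values
listed on the page; the demo input at the bottom is constructed.
"""
import hashlib
import hmac
from typing import Dict, Iterable

# Indicators copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "0263be34f2e00787125321e5d67188c0",
    "sha1": "070c93dcad0988ffaa1b85452c0e8213400931b3",
    "sha256": "a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7",
    "sha512": (
        "1468320645f928de66eb3eb8543e50d6677f7d462b02884212cc4b27c3a26ca0"
        "94ecac5c11bfd3710c75d0af1cb0b82c1e26988adb1db9afbff794a84609e4ed"
    ),
}


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute every digest named in REPORT_HASHES in one pass over the data."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file (the report's sample is 6MB) rather than loading it whole."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; constant-time compare avoids a timing side channel
    if this ever runs against attacker-supplied input."""
    return {
        name: hmac.compare_digest(actual[name].lower(), expected[name].lower())
        for name in expected
    }


def verdict(actual: Dict[str, str], expected: Dict[str, str]) -> str:
    """'match' when all digests agree, 'different file' when none do, and
    'inconsistent report hashes' when only some agree, which points at a
    transcription error in the copied IOCs rather than a different sample."""
    matches = compare(actual, expected)
    if all(matches.values()):
        return "match"
    if not any(matches.values()):
        return "different file"
    return "inconsistent report hashes"


if __name__ == "__main__":
    # Constructed stand-in for the sample; it will not match the report.
    demo = hash_chunks([b"MZ", b"constructed placeholder, not the real sample"])
    print(verdict(demo, REPORT_HASHES))
```

Run `hash_file(path)` on the real download and feed the result to `verdict`; a `"different file"` result usually means the wrong artifact was pulled from the sandbox, while `"inconsistent report hashes"` means the copied indicator set itself needs re-checking before it goes into a blocklist.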
Static task: static1
Behavioral task: behavioral1
Sample: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7
Size: 6MB
MD5: 0263be34f2e00787125321e5d67188c0
SHA1: 070c93dcad0988ffaa1b85452c0e8213400931b3
SHA256: a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7
SHA512: 1468320645f928de66eb3eb8543e50d6677f7d462b02884212cc4b27c3a26ca094ecac5c11bfd3710c75d0af1cb0b82c1e26988adb1db9afbff794a84609e4ed
SSDEEP: 98304:1mm4zcSJVdEdF2U259PTFwUHcCDUFeOsR7maiBZKmDqs0eYfe+gVVtTcM/pC:1I6rGHxVUX63Hs0eYfvcVtTl
Score: 10/10
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Drops file in System32 directory
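The external IP lookup is the one signature above that leaves network telemetry an analyst can hunt on. The following is an added example (not part of the sandbox report) that scans proxy log lines for connections to public IP-echo services from processes that have no business making them. The report does not name the service the sample contacted, so the watchlist, the allow list of expected processes, the log format and the log lines themselves are all constructed for illustration and must be tuned to a real environment.

```python
"""Flag processes that query a public IP-echo service, the behaviour the report
labels "Looks up external IP address via web service".

Added example; nothing here comes from the report except the sample file name
used as a process name in the constructed log.
"""
import re
from typing import Dict, List

# Constructed watchlist of IP-echo domains (assumption: the report does not say
# which service was used). Root domains, so subdomains match too.
IP_ECHO_DOMAINS = {
    "ipify.org",
    "ipinfo.io",
    "ip-api.com",
    "icanhazip.com",
    "checkip.amazonaws.com",
}

# Constructed allow list: processes for which such a lookup is expected.
EXPECTED_PROCESSES = {"ddclient.exe", "speedtest.exe"}

# Constructed log format: "<timestamp> <source_host> <process> <dest_host> <url>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<proc>\S+)\s+(?P<dst>\S+)\s+(?P<url>\S+)$"
)


def parse_line(line: str) -> Dict[str, str]:
    """Split one proxy log line into named fields; reject anything malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()


def on_watchlist(dst_host: str) -> bool:
    """True for a watchlisted domain or any subdomain of it (api.ipify.org)."""
    dst = dst_host.lower().rstrip(".")
    return any(dst == d or dst.endswith("." + d) for d in IP_ECHO_DOMAINS)


def is_suspicious(event: Dict[str, str]) -> bool:
    """Watchlisted destination reached by a process not on the allow list."""
    return on_watchlist(event["dst"]) and event["proc"].lower() not in EXPECTED_PROCESSES


def find_ip_lookups(lines: List[str]) -> List[Dict[str, str]]:
    """Return the events worth a closer look, in log order."""
    return [ev for ev in map(parse_line, lines) if is_suspicious(ev)]


# Constructed sample log; the second line reuses the report's sample file name.
SAMPLE_LOG = [
    "2023-01-29T10:01:02Z WS01 chrome.exe www.example.com https://www.example.com/",
    "2023-01-29T10:01:05Z WS01 a4d3271116e9032601aab96d774c25e382ac94ba8e66a1be47665bb8214a45d7.exe api.ipify.org https://api.ipify.org/?format=json",
    "2023-01-29T10:01:09Z WS02 ddclient.exe checkip.amazonaws.com https://checkip.amazonaws.com/",
    "2023-01-29T10:02:00Z WS03 updater.exe ip-api.com http://ip-api.com/json/",
]

if __name__ == "__main__":
    for ev in find_ip_lookups(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['src']} {ev['proc']} -> {ev['dst']}")
```

The allow list is the part that decides whether this is a usable detection or a noise generator: dynamic-DNS clients and speed-test tools legitimately hit these hosts, so start by baselining which processes do so in your fleet before turning the rule into an alert.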
MITRE ATT&CK Matrix
Tactic columns (no technique entries are present in this extract): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation