privateloader | 880716d3e1fe4e69e32f45fbd59b7de7e9d0df1f6912e5f7b39bb4907ede3874 | Triage

Submit
Reports

Overview

overview

Static

static

055fc87832...36.exe

windows7-x64

055fc87832...36.exe

windows10-2004-x64

Sharing

General

Target

055fc87832ccb0e40d13eb6cf0b67136
Size

3.9MB
Sample

230201-qrgnpaaa7s
MD5

055fc87832ccb0e40d13eb6cf0b67136
SHA1

b6751740b05eab608aad776eea2e8a3f35871c71
SHA256

880716d3e1fe4e69e32f45fbd59b7de7e9d0df1f6912e5f7b39bb4907ede3874
SHA512

ed1cc51fcf3d9403c44ea0f11e8ca472b2724057a5558b01ac7866885a6c45e8c6a550b7d50b1391735cc32d4d12c02e359f3e9f6252af04e4301a61a99d3c7a
SSDEEP

98304:t2mXqUjEBZCW7038QcdfQZcht/c5ilvTilNZwB5E:t2mXpwZT7bdfQZSK

Score

10^/10

privateloader loader spyware stealer vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

055fc87832ccb0e40d13eb6cf0b67136.exe

Resource

win7-20221111-en

privateloader loader spyware stealer vmprotect

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

055fc87832ccb0e40d13eb6cf0b67136.exe

Resource

win10v2004-20221111-en

privateloader loader spyware stealer vmprotect

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  055fc87832ccb0e40d13eb6cf0b67136
- Size
  
  3.9MB
- MD5
  
  055fc87832ccb0e40d13eb6cf0b67136
- SHA1
  
  b6751740b05eab608aad776eea2e8a3f35871c71
- SHA256
  
  880716d3e1fe4e69e32f45fbd59b7de7e9d0df1f6912e5f7b39bb4907ede3874
- SHA512
  
  ed1cc51fcf3d9403c44ea0f11e8ca472b2724057a5558b01ac7866885a6c45e8c6a550b7d50b1391735cc32d4d12c02e359f3e9f6252af04e4301a61a99d3c7a
- SSDEEP
  
  98304:t2mXqUjEBZCW7038QcdfQZcht/c5ilvTilNZwB5E:t2mXpwZT7bdfQZSK
Score

10^/10

privateloader loader spyware stealer vmprotect
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Downloads MZ/PE file
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderloaderspywarestealervmprotect

behavioral2

privateloaderloaderspywarestealervmprotect

© 2018-2024

Terms | Privacy