General
-
Target
055fc87832ccb0e40d13eb6cf0b67136
-
Size
3MB
-
Sample
230201-qrgnpaaa7s
-
MD5
055fc87832ccb0e40d13eb6cf0b67136
-
SHA1
b6751740b05eab608aad776eea2e8a3f35871c71
-
SHA256
880716d3e1fe4e69e32f45fbd59b7de7e9d0df1f6912e5f7b39bb4907ede3874
-
SHA512
ed1cc51fcf3d9403c44ea0f11e8ca472b2724057a5558b01ac7866885a6c45e8c6a550b7d50b1391735cc32d4d12c02e359f3e9f6252af04e4301a61a99d3c7a
-
SSDEEP
98304:t2mXqUjEBZCW7038QcdfQZcht/c5ilvTilNZwB5E:t2mXpwZT7bdfQZSK
Malware Config
Targets
-
-
Target
055fc87832ccb0e40d13eb6cf0b67136
-
Size
3MB
-
MD5
055fc87832ccb0e40d13eb6cf0b67136
-
SHA1
b6751740b05eab608aad776eea2e8a3f35871c71
-
SHA256
880716d3e1fe4e69e32f45fbd59b7de7e9d0df1f6912e5f7b39bb4907ede3874
-
SHA512
ed1cc51fcf3d9403c44ea0f11e8ca472b2724057a5558b01ac7866885a6c45e8c6a550b7d50b1391735cc32d4d12c02e359f3e9f6252af04e4301a61a99d3c7a
-
SSDEEP
98304:t2mXqUjEBZCW7038QcdfQZcht/c5ilvTilNZwB5E:t2mXpwZT7bdfQZSK
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation