General
-
Target
file.exe
-
Size
4.7MB
-
Sample
230205-qthzjada6y
-
MD5
26492126b5790d0c2a2cb43b427b9ef1
-
SHA1
34c916130a22cfb916ff2aca642014160bb1e17a
-
SHA256
a6c743d5647c5cf3ed9a8ab7adc58660b4e87faf386d1a954c672cf73a82f615
-
SHA512
9596d59dcd2b59ddfd3d3a090bc97ea0baa5cb82508aaa462a4cf719bace65c290ce7ec420b4dda498a72366d457ded52c8dd5e1dd3b3700b6be70353cfb22dd
-
SSDEEP
98304:tHrhmizRHXVbI95+BEKCepBtEvZcAiPj6eGs:eizRl03+tBtERcAG6i
Malware Config
Targets
-
-
Target
file.exe
-
Size
4.7MB
-
MD5
26492126b5790d0c2a2cb43b427b9ef1
-
SHA1
34c916130a22cfb916ff2aca642014160bb1e17a
-
SHA256
a6c743d5647c5cf3ed9a8ab7adc58660b4e87faf386d1a954c672cf73a82f615
-
SHA512
9596d59dcd2b59ddfd3d3a090bc97ea0baa5cb82508aaa462a4cf719bace65c290ce7ec420b4dda498a72366d457ded52c8dd5e1dd3b3700b6be70353cfb22dd
-
SSDEEP
98304:tHrhmizRHXVbI95+BEKCepBtEvZcAiPj6eGs:eizRl03+tBtERcAG6i
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-