privateloader | ec5aa75c63d2cc06876620a3a1cf21d6ddcb021fb62ece8ba4fe3f7d9d92cd47 | Triage

Sharing

General

Target

26492126b5790d0c2a2cb43b427b9ef1.bin
Size

2.3MB
Sample

230207-hqbgaada91
MD5

9c52e5a7527f579f582e45b66f59f0bd
SHA1

c382b73075bdd7df970dcf7941c201768920693e
SHA256

ec5aa75c63d2cc06876620a3a1cf21d6ddcb021fb62ece8ba4fe3f7d9d92cd47
SHA512

eca96aa832fc55e2dbbb2217c8d9e380b5322906962cba2edf0e884e23d9f173f07a4e4a83f7792ce9a5bd6c5c08d442656c4867146d05d0f3471252a870a02d
SSDEEP

49152:8Y/0lg6SJw8iO1PA0AvKRp689qNqQzlO9ZcF5mLyhQPCtd6PFyt:d/v6SSo14dW9PQoZcbmLnqtd6PY

Score

10^/10

privateloader loader

Malware Config

Targets

- Target
  
  a6c743d5647c5cf3ed9a8ab7adc58660b4e87faf386d1a954c672cf73a82f615.exe
- Size
  
  4.7MB
- MD5
  
  26492126b5790d0c2a2cb43b427b9ef1
- SHA1
  
  34c916130a22cfb916ff2aca642014160bb1e17a
- SHA256
  
  a6c743d5647c5cf3ed9a8ab7adc58660b4e87faf386d1a954c672cf73a82f615
- SHA512
  
  9596d59dcd2b59ddfd3d3a090bc97ea0baa5cb82508aaa462a4cf719bace65c290ce7ec420b4dda498a72366d457ded52c8dd5e1dd3b3700b6be70353cfb22dd
- SSDEEP
  
  98304:tHrhmizRHXVbI95+BEKCepBtEvZcAiPj6eGs:eizRl03+tBtERcAG6i
Score

10^/10

privateloader loader
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Loads dropped DLL
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderloader

behavioral2

privateloaderloader