privateloader | c9d5525b2f2b76087121039ee1c23ed35508e60f653479722ec64ea3a064878e | Triage

Sharing

General

Target

0x00080000000126f1-121.dat
Size

1.0MB
Sample

230208-qeenkaac6x
MD5

9108ad5775c76cccbb4eadf02de24f5d
SHA1

82996bc4f72b3234536d0b58630d5d26bcf904b0
SHA256

c9d5525b2f2b76087121039ee1c23ed35508e60f653479722ec64ea3a064878e
SHA512

19021a28555bba1fe1bdcdc8845f1bcadebd256c7db02b9329d6b44ae01a123a00e162cc34a97ba51f088cafa6f54ab1de8f82f771ac54b94a3a796f84f73362
SSDEEP

24576:DKMirjCYKgXW9CfBOh0UFcrPfT6batCA:DKR8BmBUfFwnTUatCA

Score

10^/10

privateloader evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  0x00080000000126f1-121.dat
- Size
  
  1.0MB
- MD5
  
  9108ad5775c76cccbb4eadf02de24f5d
- SHA1
  
  82996bc4f72b3234536d0b58630d5d26bcf904b0
- SHA256
  
  c9d5525b2f2b76087121039ee1c23ed35508e60f653479722ec64ea3a064878e
- SHA512
  
  19021a28555bba1fe1bdcdc8845f1bcadebd256c7db02b9329d6b44ae01a123a00e162cc34a97ba51f088cafa6f54ab1de8f82f771ac54b94a3a796f84f73362
- SSDEEP
  
  24576:DKMirjCYKgXW9CfBOh0UFcrPfT6batCA:DKR8BmBUfFwnTUatCA
Score

10^/10

evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan