General

  • Target

    98ded35046e38e4b7044323390c57f64.exe

  • Size

    5.3MB

  • Sample

    230211-bc75rsgb4w

  • MD5

    98ded35046e38e4b7044323390c57f64

  • SHA1

    d98c5f05ee6b070fdabad179c2da15b9c4fcc2a8

  • SHA256

    c2051ed80860178c791220b7ab760d038e03091e4c02395a92eed4aea3872ae7

  • SHA512

    81d99fd6205b7112ce40674e6df68ff4f81a9217c5129926d648113e15f80cae2b044699fdafc5023fcfa2ad6ead33c962e9c48fd18c5bead18de9ad193a752b

  • SSDEEP

    98304:HDuckjyhM3p/g5/XJfy7pheIYmYR9roAGMHvPVEeUqO:HDcjyhM25wOIYfzGutEeUqO

Malware Config

Targets

    • Target

      98ded35046e38e4b7044323390c57f64.exe

    • Size

      5.3MB

    • MD5

      98ded35046e38e4b7044323390c57f64

    • SHA1

      d98c5f05ee6b070fdabad179c2da15b9c4fcc2a8

    • SHA256

      c2051ed80860178c791220b7ab760d038e03091e4c02395a92eed4aea3872ae7

    • SHA512

      81d99fd6205b7112ce40674e6df68ff4f81a9217c5129926d648113e15f80cae2b044699fdafc5023fcfa2ad6ead33c962e9c48fd18c5bead18de9ad193a752b

    • SSDEEP

      98304:HDuckjyhM3p/g5/XJfy7pheIYmYR9roAGMHvPVEeUqO:HDcjyhM25wOIYfzGutEeUqO

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks