privateloader | 1881e8a0f272ddeb260f3da8c582c7a3a40122abc38482d45b7327888855d386 | Triage

Submit
Reports

Overview

overview

Static

static

7

Install.exe

windows7-x64

Install.exe

windows10-2004-x64

Sharing

General

Target

Install.7z
Size

4.1MB
Sample

230430-sqaj4aab36
MD5

a3db830203ed05d1e83cf341a026857d
SHA1

7ed38af19777b8d52b24f3015b3f545b7fa95986
SHA256

1881e8a0f272ddeb260f3da8c582c7a3a40122abc38482d45b7327888855d386
SHA512

49965d82ecfe6f9fbe0e996be383b4436e7209d70dadeac7dc1e36d70887b1413bd2de57c93842a83896811d16741fec09b613038ab90c5d42f243a77063031a
SSDEEP

98304:Q3ZXDJFhEqYVdWQgzRiBO4ZGApdDZgcvmav+FjsojT1zeG:Q3ZXNFhE1V8nz0BFZGAdDZvBvaLjT3

Score

10^/10

privateloader loader spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Install.exe

Resource

win7-20230220-en

privateloader loader vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Install.exe

Resource

win10v2004-20230220-en

privateloader loader spyware stealer vmprotect

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Install.exe
- Size
  
  682.0MB
- MD5
  
  008d51ea03f475cb74ccf7a3b862750f
- SHA1
  
  99fe63100c3fa447478e419dca9791f46d23a94e
- SHA256
  
  eac66288b37b0eddc596bd093bd5e47cc547c1c0b9acbff1a9c6ec4dc68b83b0
- SHA512
  
  21a4cee4f0a13a4fcdb92872762778802142bc6fecc10c1e69bf57f877ae2025a759b51a29a76fe93e0f097aece662642318799301a05aff97688d437d3d3033
- SSDEEP
  
  98304:eiRJX+AOnqfjWvV0M8rHBH2gAlbL7bB3+stCW5A8N/W:roAmtV0LIhPB3+stvn
Score

10^/10

privateloader loader vmprotect spyware stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderloadervmprotect

behavioral2

privateloaderloaderspywarestealervmprotect

© 2018-2024

Terms | Privacy