General
Target: file.exe
Size: 4.9MB
Sample: 230503-s5w2mshb2s
MD5: d5fdbea899339eb95a0814b0e28e8ca0
SHA1: 57e479b82e70524c8256d9951bf600b01d0be637
SHA256: b3b40da169200e7e926d4ec76df6eab0397d3bc377d91e33d25855ebd00df882
SHA512: 33216b7bbab3ffad5cf7cf6e7967a621d3327e2b6e0fb3eab28d30fe04d1309261126a55f5bb57ed420f2844fbdc6a1c7aa0ee8224ec4649e38fde250837395c
SSDEEP: 98304:p//WbNB6zRVddpyeQG3Z6TOAGSsLJdNlJPWIwafpVvtXt30W09:pn22VtRLJ6SAGS0jRfDvt930P9
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: file.exe
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
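The behaviour signatures above are matched by correlating low-level sandbox events (registry queries, file writes, image loads, HTTP requests). The following is an added example of that matching logic, written for this page and not taken from the sandbox's own rules. It runs over a constructed trace in a made-up "<pid> <op> <argument>" format; the registry paths are the real Windows locations for the user's GeoID and the installed-programs list, while the set of IP-echo hosts is an illustrative assumption (the report does not say which service the sample contacted). Two checks a practitioner would want are built in: "dropped DLL" requires that the same process wrote the file before loading it, and "installed software" requires several distinct Uninstall subkeys, because a single lookup is normal installer behaviour.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sandbox-style trace, one event per line: "<pid> <op> <argument>".
# Illustrative input only; it is not the trace behind the report above.
SAMPLE_TRACE = """\
1234 filewrite C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
1234 regquery HKCU\\Control Panel\\International\\Geo\\Nation
1234 regquery HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234 regquery HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
1234 regquery HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++
1234 loadlibrary C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
1234 http GET http://api.ipify.org/
5678 loadlibrary C:\\Windows\\System32\\kernel32.dll
"""

# HKCU\Control Panel\International\Geo\Nation holds the user's GeoID (country code).
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Per-program subkeys under ...\CurrentVersion\Uninstall (native and WOW6432Node views).
UNINSTALL_SUBKEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)
# Illustrative set of public IP-echo services (assumption; the report names none).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me",
                   "icanhazip.com", "ip-api.com"}
# One Uninstall lookup is ordinary installer behaviour; enumeration touches many.
MIN_UNINSTALL_KEYS = 3


def parse_trace(text):
    """Parse '<pid> <op> <argument>' lines into (pid, op, argument) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, op, arg = line.split(" ", 2)
        events.append((int(pid), op.lower(), arg))
    return events


def match_signatures(events):
    """Return the sorted list of signature names triggered by the events."""
    hits = set()
    written = defaultdict(set)         # pid -> files that process wrote
    uninstall_keys = defaultdict(set)  # pid -> distinct Uninstall subkeys queried
    for pid, op, arg in events:
        if op == "filewrite":
            written[pid].add(arg.lower())
        elif op == "regquery":
            if GEO_NATION.search(arg):
                hits.add("Checks computer location settings")
            m = UNINSTALL_SUBKEY.search(arg)
            if m:
                uninstall_keys[pid].add(m.group(1).lower())
        elif op == "loadlibrary":
            # "Dropped" means the same process wrote the file earlier in the trace.
            if arg.lower() in written[pid]:
                hits.add("Loads dropped DLL")
        elif op == "http":
            host = urlparse(arg.split(" ")[-1]).hostname
            if host and host.lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
    if any(len(keys) >= MIN_UNINSTALL_KEYS for keys in uninstall_keys.values()):
        hits.add("Checks installed software on the system")
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(parse_trace(SAMPLE_TRACE)):
        print(name)
```

The thresholds and the host list are the tunable parts: raise MIN_UNINSTALL_KEYS if legitimate software in your baseline images walks the Uninstall key, and extend IP_LOOKUP_HOSTS from your own DNS telemetry rather than trusting the short list here.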