privateloader | adb5fc9f5b601d4ab7f7009cf356b193e4dab98172af8550b0ac6388d107c44c | Triage

Submit
Reports

Overview

overview

Static

static

7

3d7299a0ff...b5.exe

windows7-x64

3d7299a0ff...b5.exe

windows10-2004-x64

Sharing

General

Target

b9a8daac90993d6759cd99ff322b1c67.bin
Size

4.0MB
Sample

230506-dn1aeafg63
MD5

22785a31f352ca474de369f1af9f6c15
SHA1

dc7ce7c11dbf75c248ced72c0f20bb8c450171cf
SHA256

adb5fc9f5b601d4ab7f7009cf356b193e4dab98172af8550b0ac6388d107c44c
SHA512

6e810618c4062246b89306fd6516078dd90c257548673d826e6d46f6062f59263202ab726a728b3dc68a40af968ac4ffcba98f14a3120d99215bcf4d226dd64f
SSDEEP

98304:0aS+R2BNQhLXZubp1wfsv1kLKNhyK5ocUmvF:0abROuhdu14U1k2P5RR

Score

10^/10

privateloader loader spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe

Resource

win7-20230220-en

privateloader loader vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe

Resource

win10v2004-20230220-en

privateloader loader spyware stealer vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5.exe
- Size
  
  4.5MB
- MD5
  
  b9a8daac90993d6759cd99ff322b1c67
- SHA1
  
  189c38dd976accb24c99b04d1d3ed8f082993638
- SHA256
  
  3d7299a0ffa6067676f8b49b6fbd85d32a9b9597355712b293e2a94ad4a362b5
- SHA512
  
  486f4f894488f5bc9c383ad05d66af6ea4557cda11fe2f34b1abc8444674fb1437635b2d09f3597db4c79708d116bdefd3d2ef168c9426f471ea62159bca0d61
- SSDEEP
  
  98304:2GgIlPKNT8aXeHEl/60qSAHbCej1j7eLdFZ:2GzoT82+VSA74dF
Score

10^/10

privateloader loader vmprotect spyware stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

privateloaderloadervmprotect

behavioral2

privateloaderloaderspywarestealervmprotect

© 2018-2024

Terms | Privacy