General

  • Target: File_pass1234.7z
  • Size: 5.0MB
  • Sample: 230524-jrka9abd48
  • MD5: 59bdba4300a7d636830fa3ff631a8ed0
  • SHA1: 27974033594ba9dbccd04d52328a850afb8dfd4d
  • SHA256: 4f3628405a0f70087cd62e45235a2c5bce9919186cfbf446b5d6adf768420fe0
  • SHA512: 92be7e79928fd664f4a8cd7d758d93434417dffc49733fc92176e025453d6db452cd564ca54457d5779e40854157248f65abb402873d3642353be4543ee5e520
  • SSDEEP: 98304:zaI48sVbwE5eu/YOkUu9VvFHW7H1I4fQA5eNWvm4fXTaL9GFI:WBmOkUu/N25wA8NcBXTo

Malware Config

Targets

    • Target: File.exe
    • Size: 655.0MB
    • MD5: 4eb9b0f0903b77be9247978ffbc8814f
    • SHA1: ea21fa7fd9a430a899a67136b6f864bbd6ea74b9
    • SHA256: ba88907898f51ddf30595e773cd5de0f28020ad70af49e530c89b20501bc0f94
    • SHA512: fec3dec02889784e2aa6e82f64f85e397ce44812287312809081e299aca960ac03cc23dbccc43e72c621a05b80de1a6bbce04003d0538708e9a45fe5d74e8a1f
    • SSDEEP: 98304:Jkfy48U0RHYuMH+F4mMURdns7gefj/vIeZuNYq8CIF+k/SL7IwXdz:Jka4t0/s7gefrvENhuwaSYU

    • PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
    • Checks computer location settings: looks up the country code configured in the registry, likely used for geofencing.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access: Credentials in Files (T1081): 1
  • Discovery: Query Registry (T1012): 1; System Information Discovery (T1082): 1
  • Collection: Data from Local System (T1005): 1

Tasks