General

  • Target

    file.exe

  • Size

    4.6MB

  • Sample

    230530-p4l89shf45

  • MD5

    b2a513ee625127c99a4792663a71095d

  • SHA1

    a924fe86eded901b548aa97f7fafa2a8b9b95ecd

  • SHA256

    2fa6f26d215f42b9a7396fe2e8aa3c3b82896009dbd920bd47899cd7f0ae2d4e

  • SHA512

    e77a6aa112f0e317450f422ae1bbf21e098601dcef391d36fd2c4a7f4460e3e61ae19e3ea6dab3ff1129157b2000f01b149b42004a2684a43db99cddd7172d25

  • SSDEEP

    98304:8SfiNKxaPquIEC6Br0vyJNEDM/Y5EaaBuCR2+MCou5:8PN6wquldBoyqDMw5BaBPR2Qh

Malware Config

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1