privateloader | f5c67fe00b4cbee07d5e394c87f0c6224bbd841a92151d04841f584d56e58b0c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

F5C67FE00B4CBEE07D5E394C8.exe
Size

1.1MB
Sample

230709-j2mjcscc3w
MD5

842ae8e819177105e1a1af934b1ee520
SHA1

17104eca148dcd0e15ffb31e4c7a3defdd406d12
SHA256

f5c67fe00b4cbee07d5e394c87f0c6224bbd841a92151d04841f584d56e58b0c
SHA512

b92ecfb5c89996332dd674682694a111aee2bc26b21678c9e60dc592272b91a0f6e9d2a478528b6f257290c5ef43ed9d87d7fac3b8314e768144951333e4916d
SSDEEP

24576:zXdmFGXOGXlTztlj3RbjO7jlUIixAWLc7ARpTLzVONY/tx4:rdfLVTLjxwjlQntT/VO2x4

Score

10^/10

privateloader evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  F5C67FE00B4CBEE07D5E394C8.exe
- Size
  
  1.1MB
- MD5
  
  842ae8e819177105e1a1af934b1ee520
- SHA1
  
  17104eca148dcd0e15ffb31e4c7a3defdd406d12
- SHA256
  
  f5c67fe00b4cbee07d5e394c87f0c6224bbd841a92151d04841f584d56e58b0c
- SHA512
  
  b92ecfb5c89996332dd674682694a111aee2bc26b21678c9e60dc592272b91a0f6e9d2a478528b6f257290c5ef43ed9d87d7fac3b8314e768144951333e4916d
- SSDEEP
  
  24576:zXdmFGXOGXlTztlj3RbjO7jlUIixAWLc7ARpTLzVONY/tx4:rdfLVTLjxwjlQntT/VO2x4
Score

10^/10

evasion spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan

behavioral2

evasionspywarestealertrojan