General

  • Target

    File_pass1234.7z

  • Size

    5.9MB

  • Sample

    230710-ytzw2sdb56

  • MD5

    40058f3b772f34b08e4de41ce5975864

  • SHA1

    ba52bd00c14bc17b16bd9716b0b4407ed75fe8ac

  • SHA256

    a6d646057f8339a07f7b04c8771e9dac3cf1da9903c0f766c6530922610e16e5

  • SHA512

    322ad98ecea4f40eafc3663040b314a03f28e8a912b8aa278b5ef4cb0cd6dd98ed0c9ac87423c88e3b17c467d85252a2fc3a29b1e659426adcc568d45bd81019

  • SSDEEP

    98304:VyRpzgTZWDbkTbmyAR+RRREagGjHAzp0VUYd9BAbDCn36SU6FDy:4RpzgNWDb6SR+bREagGj4p03AfcqSUJ

Malware Config

Targets

    • Target

      File.exe

    • Size

      659.0MB

    • MD5

      b4e267a394dbbf9ae94fb533cbf1cdff

    • SHA1

      4692a449235f3c8f417c44601d638505d689170b

    • SHA256

      b236847d05857d295391aad2473d4244a2a50cc6f44b5da71dfe960ad55db800

    • SHA512

      79d32acd61c450dcf576387f3cf39437177e1301bc6ec4461683f0b2a99c40e231970abe91fdd325d7175bae7a9fb8238b608e6bdf83459a5696c5cf1e8924af

    • SSDEEP

      196608:KAxdcd4f0FWjdtbxAkuWyKuq9ZcEp6xR7Wo5ORyFMJ9V:bdcd4cFWh/JuWx9ZwSkch

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks