privateloader | 142aee3c05b5023b306aa9983c67e7168df45509882940470d5fa5d9b0a95eb9 | Triage

Sharing

General

Target

file
Size

1.6MB
Sample

230817-rdr3yahf96
MD5

398b20aafc2a39684d5e186925b94f3a
SHA1

3563fd4a82b964e3fbe737c81e923766a0e8cf97
SHA256

142aee3c05b5023b306aa9983c67e7168df45509882940470d5fa5d9b0a95eb9
SHA512

4537100f2771da1424b48d8f008495f43d8de905035f36cfddc3cc8f66fbf7f8de9817a62cba4c41b42bfd081a610bc882d54de71ba4b174b3bc59b5f2e57ca1
SSDEEP

24576:1HBqpeFID41OiNH4PYPXXl7XEwhSddeEX92dminTZffoJu+wEVxBUK4oG2I:CkFP7Njvl7Xyt2ginTVfd+wcxBU7p

Score

10^/10

privateloader loader

Malware Config

Extracted

Family

privateloader

C2

1.1.1.1

Targets

- Target
  
  file
- Size
  
  1.6MB
- MD5
  
  398b20aafc2a39684d5e186925b94f3a
- SHA1
  
  3563fd4a82b964e3fbe737c81e923766a0e8cf97
- SHA256
  
  142aee3c05b5023b306aa9983c67e7168df45509882940470d5fa5d9b0a95eb9
- SHA512
  
  4537100f2771da1424b48d8f008495f43d8de905035f36cfddc3cc8f66fbf7f8de9817a62cba4c41b42bfd081a610bc882d54de71ba4b174b3bc59b5f2e57ca1
- SSDEEP
  
  24576:1HBqpeFID41OiNH4PYPXXl7XEwhSddeEX92dminTZffoJu+wEVxBUK4oG2I:CkFP7Njvl7Xyt2ginTVfd+wcxBU7p
Score

10^/10

privateloader loader
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderloader

behavioral2

privateloaderloader