Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cb5b2678054dd2f1b93d37a96b927830c4a7da699f061adee370807088257de

  • Size

    3.7MB

  • Sample

    231114-jy1xkshc8t

  • MD5

    f353a6519b5c64d48f798d91e5235848

  • SHA1

    b39fccbe042023d3385cd35eec8d418c700a73f1

  • SHA256

    2cb5b2678054dd2f1b93d37a96b927830c4a7da699f061adee370807088257de

  • SHA512

    f6e1c173544b3e898d3f31fd2213e741d1df8857b775c8fb37868f2f4349e37a00a7b3185e1daeb4371757d87c68377a8df7a8411e0aec48552765b52ab9f5f8

  • SSDEEP

    49152:AzkFjR9Z9e5LSe70IVHxtWXq9/Z8UZMPq3/hBfcW:hMYgZHH+qEUW4BfcW

Score
10/10
privateloaderloader

Malware Config

Extracted

Family

privateloader

C2

185.216.70.235

194.49.94.113

91.92.243.151

Targets

    • Target

      2cb5b2678054dd2f1b93d37a96b927830c4a7da699f061adee370807088257de

    • Size

      3.7MB

    • MD5

      f353a6519b5c64d48f798d91e5235848

    • SHA1

      b39fccbe042023d3385cd35eec8d418c700a73f1

    • SHA256

      2cb5b2678054dd2f1b93d37a96b927830c4a7da699f061adee370807088257de

    • SHA512

      f6e1c173544b3e898d3f31fd2213e741d1df8857b775c8fb37868f2f4349e37a00a7b3185e1daeb4371757d87c68377a8df7a8411e0aec48552765b52ab9f5f8

    • SSDEEP

      49152:AzkFjR9Z9e5LSe70IVHxtWXq9/Z8UZMPq3/hBfcW:hMYgZHH+qEUW4BfcW

    Score
    10/10
    privateloaderloader

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks