privateloader | 6f47c70ef78c027027bd61a477ff5a0e77825f9c4c6c48613aa39ac6c0b5ba29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f47c70ef78c027027bd61a477ff5a0e77825f9c4c6c48613aa39ac6c0b5ba29
Size

910KB
Sample

231114-zsby9sfh39
MD5

dccf9a2745b17893ab35ffe9728bf712
SHA1

f44be3131c5634499e925e19403e9132dc3ea3a1
SHA256

6f47c70ef78c027027bd61a477ff5a0e77825f9c4c6c48613aa39ac6c0b5ba29
SHA512

04efb718201487955a6b66a927d57f0db9e1f66ce113e32aa826149ab0a52a1f410189b6c4f49e6c951f56666b8f76c371b22d4d0518eda5eeeb094a7e7a0653
SSDEEP

24576:+ySo+8k/JInI4OHGVPqBEUvtyeXNHocc:NSB8k/ktwBdvtyK5o

Score

10^/10

privateloader redline risepro taiga infostealer loader persistence stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

risepro

C2

5.42.92.51

Targets

- Target
  
  6f47c70ef78c027027bd61a477ff5a0e77825f9c4c6c48613aa39ac6c0b5ba29
- Size
  
  910KB
- MD5
  
  dccf9a2745b17893ab35ffe9728bf712
- SHA1
  
  f44be3131c5634499e925e19403e9132dc3ea3a1
- SHA256
  
  6f47c70ef78c027027bd61a477ff5a0e77825f9c4c6c48613aa39ac6c0b5ba29
- SHA512
  
  04efb718201487955a6b66a927d57f0db9e1f66ce113e32aa826149ab0a52a1f410189b6c4f49e6c951f56666b8f76c371b22d4d0518eda5eeeb094a7e7a0653
- SSDEEP
  
  24576:+ySo+8k/JInI4OHGVPqBEUvtyeXNHocc:NSB8k/ktwBdvtyK5o
Score

10^/10

privateloader redline risepro taiga infostealer loader persistence stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderredlineriseprotaigainfostealerloaderpersistencestealer