privateloader | 698afadb438df4675db66d4c1836ac52fc4cce05484537d3ae8ee86b31dc6254 | Triage

Sharing

General

Target

8d971097448a36d60bcf3114ceb5cb9c057fd1d4b93a1a844bdce8998000fce6.zip
Size

1.2MB
Sample

231119-3tyq7scg35
MD5

03d0d391659b351a110b9da71ed783fb
SHA1

4b5ca82cf72550ed17b8d09f3aeb8766b5ea9f41
SHA256

698afadb438df4675db66d4c1836ac52fc4cce05484537d3ae8ee86b31dc6254
SHA512

00bc51de73db6a06033bd845d504109fdbd6ccd7c0783a9ad773fe2dbf012934a5901315de778a2a685cee4ec8634baba22feb4087237d2ae828faf91d36300c
SSDEEP

24576:F7uhLXjU56XOUSlSwXunqRzxAc1fDbXRRGK5Vl3//ojdF6pBE:A7jU0XOVXuqFDtDbXRp5Vl33oJFsBE

Score

10^/10

privateloader redline risepro horda infostealer loader persistence stealer

Malware Config

Extracted

Family

redline

Botnet

horda

C2

194.49.94.152:19053

Extracted

Family

risepro

C2

194.49.94.152

Targets

- Target
  
  8d971097448a36d60bcf3114ceb5cb9c057fd1d4b93a1a844bdce8998000fce6.exe
- Size
  
  1.3MB
- MD5
  
  ccdc827488c94ff6961f327f4377ee75
- SHA1
  
  4a0001b0b79cd845ff620dce8db61c869ff77420
- SHA256
  
  8d971097448a36d60bcf3114ceb5cb9c057fd1d4b93a1a844bdce8998000fce6
- SHA512
  
  1b07454c8ef0a453b899c8a452de55cf907b42ac4f2e1259a523def0932d6ae7780e66a92fadcf96249a82a0539a89655dedfa69735339a2a5273216dfd662a2
- SSDEEP
  
  24576:byMGbzVyPAIujWLOlNCr9CB0Rjw3WqSSvJkQc/tOocsQ:OGPAIujWLOlgs/3W3SR5c/t9
Score

10^/10

privateloader redline risepro horda infostealer loader persistence stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderredlineriseprohordainfostealerloaderpersistencestealer