Malware Analysis Report

2025-06-16 02:03

Sample ID 240301-sxdv4ahd44
Target 0x000600000001422d-162.dat
SHA256 b24a282d9803995ae05ed11b807447219bda8c2c7b06495167a875935993bc88
Tags
privateloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b24a282d9803995ae05ed11b807447219bda8c2c7b06495167a875935993bc88

Threat Level: Known bad

The file 0x000600000001422d-162.dat was found to be: Known bad.

Malicious Activity Summary

privateloader

Privateloader family

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-01 15:29

Signatures

Privateloader family

privateloader

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-01 15:29

Reported

2024-03-01 15:32

Platform

win7-20240221-en

Max time kernel

118s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe

"C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe"

Network

Country Destination Domain Proto
NL 45.133.1.182:80 tcp
NL 45.133.1.107:80 tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:443 pastebin.com tcp
US 8.8.8.8:53 wfsdragon.ru udp
US 104.21.5.208:80 wfsdragon.ru tcp
NL 212.193.30.115:80 tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\TarE345.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-01 15:29

Reported

2024-03-01 15:32

Platform

win10v2004-20240226-en

Max time kernel

147s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe

"C:\Users\Admin\AppData\Local\Temp\0x000600000001422d-162.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
NL 45.133.1.182:80 tcp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
NL 45.133.1.107:80 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:443 pastebin.com tcp
US 8.8.8.8:53 wfsdragon.ru udp
US 104.21.5.208:80 wfsdragon.ru tcp
NL 212.193.30.115:80 tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
US 8.8.8.8:53 208.5.21.104.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp

Files

N/A