General
Target: Install.exe
Size: 7.9MB
Sample: 240322-rflnyaef8z
MD5: 2cc80b5a83b5e1b96bf817d26099e664
SHA1: 2507f7ca248884372a3088bf6413bd8292f898ca
SHA256: 06c9681d0fcdc083535d3aaa823b0d5a483bb93f237fb7857cd8e72b20f4088c
SHA512: d5027ecda8337735e2149f6048124975e06e25865150f01b357d80926c8b786e1e0dc64cebf51b7c85bc5f72ec07571a4f170882ed386753ff6905b7dd2ba007
SSDEEP: 196608:Pkc8XmEtyfj6x5kMdFYjdYb9UNaLhKxgNq+W3D:Pkc8WEw4kAFYqUNaLhqgNVA
Static task: static1
Behavioral task: behavioral1
Sample: Install.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: Install.exe
Score: 10/10

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops file in System32 directory