General
Target: script.ps1
Size: 873B
Sample: 240421-vm8zlaga71
MD5: 17164898e62def2ba0ae5f061621033f
SHA1: a0112d7cdcc36ef911fdd53e978bf229c2468385
SHA256: 76773a0726774d19efaea6604d4261412ee00650becf386631d1f52982dddf1d
SHA512: ce2fa6e2e910a735da612ae364a547307099d8a66df10a4e17cd081032409c3d4fad897640f20145078cdd1addfa54378d7211cb0988c15cdc98e1bf158b364d

Static task: static1
Behavioral task: behavioral1
Sample: script.ps1
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: script.ps1
Score: 10/10

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory