General
Target: XYZDropper.ps1
Size: 930B
Sample ID: 240421-vs2sgafg97
MD5: 569f22824ac7ddb4c88a03415e3febce
SHA1: 472f449c629f2da5b73a3d04a330937918f72dbf
SHA256: 7e1cdeb6b7b6911d9d50b2a2a83bbdeb353c193743025a4ac6f91bf66a943361
SHA512: 52e27e78bc5b79bf4050aed82ee5635388ab5d2b3d6b8024b470b934c6ed28dc229cc56f1adbd7a9db3f93851fa311118805edbe218fed05f3012511a4c6e024
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: XYZDropper.ps1
Resource (sandbox image): win10v2004-20240226-en
Malware Config
Extracted
Family: vidar
Version: 56
Botnet: 1702
C2:
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
http://116.202.6.206:80
Attributes:
profile_id: 1702

Note: the t.me and steamcommunity.com entries are profile pages on legitimate services, which Vidar uses as dead-drop resolvers to fetch its live C2 address; the only directly attacker-controlled endpoint in this config is http://116.202.6.206:80. Treat the two profile URLs as path-level indicators rather than blocking the hosting domains outright.
Targets
Target: XYZDropper.ps1 (930B; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Signatures
PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
Blocklisted process makes network request
Modifies Installed Components in the registry
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
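The indicators above are only useful if they are matched correctly: t.me and steamcommunity.com are legitimate services, so a host-level block on them would be wrong and noisy, while the bare IP can be matched at host level regardless of path or port. The script below, an added example that is not part of the sandbox report, turns the extracted C2 list into path-level matchers for the abused legitimate hosts and host-level matchers for the attacker-controlled endpoint, runs them over a few constructed proxy log lines (the log format is an assumption for illustration), and flags clients that contacted a dead-drop resolver and then the C2 host.

```python
"""Match the C2 indicators from the extracted Vidar config against proxy logs.

Added example, not part of the sandbox report. The proxy log format and the
log lines in SAMPLE_LOG are constructed for illustration.
"""
from urllib.parse import urlsplit

# C2 entries exactly as listed in the report's extracted config.
C2_URLS = [
    "https://t.me/asifrazatg",
    "https://steamcommunity.com/profiles/76561199439929669",
    "http://116.202.6.206:80",
]

# Legitimate services abused as dead-drop resolvers. These are matched on
# host + path; the domain itself must not be treated as an indicator.
ABUSED_LEGIT_HOSTS = {"t.me", "steamcommunity.com"}


def build_matchers(urls):
    """Split indicators into (host, path) pairs for abused legitimate hosts
    and bare hostnames for attacker-controlled hosts."""
    exact_paths = set()
    bare_hosts = set()
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, port stripped
        if host in ABUSED_LEGIT_HOSTS:
            exact_paths.add((host, parts.path.rstrip("/")))
        else:
            bare_hosts.add(host)
    return exact_paths, bare_hosts


def classify(url, exact_paths, bare_hosts):
    """Return 'c2-host', 'dead-drop-resolver', or None for a requested URL."""
    parts = urlsplit(url)
    host = parts.hostname
    if host in bare_hosts:
        return "c2-host"
    if (host, parts.path.rstrip("/")) in exact_paths:
        return "dead-drop-resolver"
    return None


def scan_proxy_log(lines, urls=C2_URLS):
    """Constructed line format: '<timestamp> <client-ip> <method> <url> <status>'.
    Returns one hit dict per line that matches an indicator."""
    exact_paths, bare_hosts = build_matchers(urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the scan
        ts, client, _method, url, _status = fields[:5]
        verdict = classify(url, exact_paths, bare_hosts)
        if verdict:
            hits.append({"time": ts, "client": client, "url": url, "verdict": verdict})
    return hits


def clients_with_resolver_then_c2(hits):
    """Clients that hit a dead-drop resolver and later the C2 host: the
    sequence Vidar follows, so these are the highest-confidence infections."""
    seen_resolver = set()
    confirmed = set()
    for h in hits:  # hits are in log order
        if h["verdict"] == "dead-drop-resolver":
            seen_resolver.add(h["client"])
        elif h["verdict"] == "c2-host" and h["client"] in seen_resolver:
            confirmed.add(h["client"])
    return confirmed


# Constructed proxy log: one infected client, two benign uses of the same services.
SAMPLE_LOG = [
    "2024-04-21T10:02:11Z 10.0.0.15 GET https://steamcommunity.com/profiles/76561199439929669/ 200",
    "2024-04-21T10:02:12Z 10.0.0.15 GET https://t.me/asifrazatg 200",
    "2024-04-21T10:02:13Z 10.0.0.15 POST http://116.202.6.206/ 200",
    "2024-04-21T10:05:40Z 10.0.0.22 GET https://steamcommunity.com/app/730 200",
    "2024-04-21T10:06:01Z 10.0.0.31 GET https://t.me/somechannel 200",
]

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["client"], h["verdict"], h["url"])
    print("confirmed:", sorted(clients_with_resolver_then_c2(found)))
```

Only 10.0.0.15 is reported: the other two clients reach the same legitimate domains but not the specific profile paths, and the C2 host matches even though the log omits the :80 port and adds a path.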