privateloader | 7e1cdeb6b7b6911d9d50b2a2a83bbdeb353c193743025a4ac6f91bf66a943361 | Triage

Submit
Reports

Overview

overview

Static

static

1

XYZDropper.ps1

windows10-2004-x64

Sharing

General

Target

XYZDropper.ps1
Size

930B
Sample

240421-vs2sgafg97
MD5

569f22824ac7ddb4c88a03415e3febce
SHA1

472f449c629f2da5b73a3d04a330937918f72dbf
SHA256

7e1cdeb6b7b6911d9d50b2a2a83bbdeb353c193743025a4ac6f91bf66a943361
SHA512

52e27e78bc5b79bf4050aed82ee5635388ab5d2b3d6b8024b470b934c6ed28dc229cc56f1adbd7a9db3f93851fa311118805edbe218fed05f3012511a4c6e024

Score

10^/10

privateloader risepro vidar 1702 loader persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

XYZDropper.ps1

Resource

win10v2004-20240226-en

privateloader risepro vidar 1702 loader persistence stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1702

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

http://116.202.6.206:80

Attributes

profile_id
1702

Targets

- Target
  
  XYZDropper.ps1
- Size
  
  930B
- MD5
  
  569f22824ac7ddb4c88a03415e3febce
- SHA1
  
  472f449c629f2da5b73a3d04a330937918f72dbf
- SHA256
  
  7e1cdeb6b7b6911d9d50b2a2a83bbdeb353c193743025a4ac6f91bf66a943361
- SHA512
  
  52e27e78bc5b79bf4050aed82ee5635388ab5d2b3d6b8024b470b934c6ed28dc229cc56f1adbd7a9db3f93851fa311118805edbe218fed05f3012511a4c6e024
Score

10^/10

privateloader risepro vidar 1702 loader persistence stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Blocklisted process makes network request
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

privateloaderriseprovidar1702loaderpersistencestealer

© 2018-2024

Terms | Privacy