privateloader

General

Target

officeactivator.exe
Size

15.2MB
Sample

240504-lpvejsac7w
MD5

209635421416545cb239f7484909fcf8
SHA1

850fb53685bc7e70fe267aaed72f45ae7589ee03
SHA256

e71d9dae0ae73ca4950fd14cc868de8ffdc25985c93b033994631271c74c98e7
SHA512

c64adac9909f7c5f3e0e412b8403e2298d5698c33334f4571757c2c7276bcb820c70a7c48f7a17ccb546906007188dc798c8f3e9063faa8b00cfe7a90410bc0e
SSDEEP

393216:uLoWykOEywRjHw4sxA0gnItqy0wRoEbLNKE:bkPnRjQk0OVyV6yKE

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Targets

- Target
  
  officeactivator.exe
- Size
  
  15.2MB
- MD5
  
  209635421416545cb239f7484909fcf8
- SHA1
  
  850fb53685bc7e70fe267aaed72f45ae7589ee03
- SHA256
  
  e71d9dae0ae73ca4950fd14cc868de8ffdc25985c93b033994631271c74c98e7
- SHA512
  
  c64adac9909f7c5f3e0e412b8403e2298d5698c33334f4571757c2c7276bcb820c70a7c48f7a17ccb546906007188dc798c8f3e9063faa8b00cfe7a90410bc0e
- SSDEEP
  
  393216:uLoWykOEywRjHw4sxA0gnItqy0wRoEbLNKE:bkPnRjQk0OVyV6yKE
Score

10^/10

privateloader execution loader upx
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2