Overview

overview

10

Static

static

3

download.png

windows10-2004-x64

download.png

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    download.jpeg

  • Size

    1013B

  • Sample

    240504-mew13adg58

  • MD5

    28d8a39582d0bcbb724cd1980a6d0da4

  • SHA1

    49c8e27e8ab496871bcfcf4c2d00965812118202

  • SHA256

    1921cf9efe35a0c78b2c677020884a2d1aa2f43c25141ff5d086d5683f729f69

  • SHA512

    6b17c1d3b55c038c8d461ba26dca838374161748142d73ddfca86eff78c2dd0df966cc468df71467a7c4e199faa22a80e71cbfd2ab7d62b7e64b148b307bcf16

Score
10/10
privateloaderdiscoverylinkloaderqr

Malware Config

Targets

    • Target

      download.jpeg

    • Size

      1013B

    • MD5

      28d8a39582d0bcbb724cd1980a6d0da4

    • SHA1

      49c8e27e8ab496871bcfcf4c2d00965812118202

    • SHA256

      1921cf9efe35a0c78b2c677020884a2d1aa2f43c25141ff5d086d5683f729f69

    • SHA512

      6b17c1d3b55c038c8d461ba26dca838374161748142d73ddfca86eff78c2dd0df966cc468df71467a7c4e199faa22a80e71cbfd2ab7d62b7e64b148b307bcf16

    Score
    10/10
    privateloaderdiscoveryloader

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Network Service Discovery

1
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks