General

  • Target

    PCRemoteReceiverSetup_7_5_16.exe

  • Size

    63.3MB

  • Sample

    240504-r6h1qsbg74

  • MD5

    ca3eb78b4bfcd2388bf49a980f1053b7

  • SHA1

    81c60fff0a2f0bf8e8ffc4161b0ed00fd3353a9f

  • SHA256

    b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0

  • SHA512

    5f02bd4cab05cd242f3605ab027c11d28b855bd9180ff52aa14963248e2778cacc36466dcca684c0c17c9bab874f12b3a3e2d3ca655570831101cfc5c1022e51

  • SSDEEP

    1572864:DGr9D2YYvt8/7Z9lRA9lg5yJRotDthtYt/1vv+W5x/t6rRYyjvZXTpoZC86:DO9DoFE3lKYgJ1cW5+ruyjv1Nos86

Malware Config

Targets

    • Target

      PCRemoteReceiverSetup_7_5_16.exe

    • Size

      63.3MB

    • MD5

      ca3eb78b4bfcd2388bf49a980f1053b7

    • SHA1

      81c60fff0a2f0bf8e8ffc4161b0ed00fd3353a9f

    • SHA256

      b1707825c0f2fde7bfdbb5f4a4cef4002a935b2c9edfa93f512127f430cfbdd0

    • SHA512

      5f02bd4cab05cd242f3605ab027c11d28b855bd9180ff52aa14963248e2778cacc36466dcca684c0c17c9bab874f12b3a3e2d3ca655570831101cfc5c1022e51

    • SSDEEP

      1572864:DGr9D2YYvt8/7Z9lRA9lg5yJRotDthtYt/1vv+W5x/t6rRYyjvZXTpoZC86:DO9DoFE3lKYgJ1cW5+ruyjv1Nos86

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Drops file in Drivers directory

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      0a9fb96a7579b685ec36b17fc354e6a3

    • SHA1

      355754104dd47d5fcf8918dee0dc2e2ee53390a6

    • SHA256

      b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

    • SHA512

      67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

    • SSDEEP

      384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo

    • Score

      3/10

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      014a3be4a7c1ccb217916dbf4f222bd1

    • SHA1

      9b4c41eb0e84886beb5591d8357155e27f9c68ed

    • SHA256

      09acfc5ee34a1dfa1af3a9d34f00c3b1327b56641feebd536e13752349c08ac8

    • SHA512

      0f3d1bf548e29a136150b699665a3f22c6ea2821701737363fa2920b51c391d735f1eae92dea8af655e7d07304bd3d06e4aff3f5a82fa22bcf5d1690013eb922

    • SSDEEP

      48:S46+/iTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mMofjLl:zsuPbOBtWZBV8jAWiAJCdv2CmfL

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      564bb0373067e1785cba7e4c24aab4bf

    • SHA1

      7c9416a01d821b10b2eef97b80899d24014d6fc1

    • SHA256

      7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

    • SHA512

      22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

    • SSDEEP

      192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL

    • Score

      3/10

    • Target

      MonectMediaCenter.exe

    • Size

      143KB

    • MD5

      55b6cb3f16a0f837179c7c1c241e1c57

    • SHA1

      41ba6d07f19d4155afb815882d80c9ac74349a7e

    • SHA256

      ef2b810a55b58c71ef3fb184b3949f4d108027b8f1f3a18f4a646b265547ff5b

    • SHA512

      6531b179b00e8879a7551819d54c6d448ca71fa29764f1b5a40037d1580f8ff8b1b363c09dfa4be8a809b34204fc21ffb269d2c4a6f45b831c2c1e0d637adfa9

    • SSDEEP

      1536:SZ60XWFeE3F4UvmE2T9BmUM16R6FJ+rw1Y1mLE3hYDQuSKiVpmrMz00tXWBgOxw/:GHXWFBFlcBBXHwD+ueMrUtmBgO2/w0

    • Score

      10/10

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Target

      MonectRuntimeCheck.exe

    • Size

      121KB

    • MD5

      855868707c8daba66438545fba07b490

    • SHA1

      cb28feed2dc91fbb47dd3da4527ac7fb00a04f25

    • SHA256

      7a3846a11ebe48d769c2983931fad9c71a924b2f0d892a478aeff528e108883e

    • SHA512

      df3cd7a00eb562412b204cbb8e06cb31917b665f01cb9f521a8ba66ede8440b208f705da17159048e34327ca00d0c1b926bd1a78c0543c272203cb749c55dca3

    • SSDEEP

      768:kLnW4UkQyOM9aV1+qXUpv9Sbh9SbPvNnr2u+vTS+ST6nkM:k7hUFyOyaV1+f9C4vNrxk/me

    • Score

      8/10

    • Drops file in Drivers directory

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies Windows Firewall

    • Drops file in System32 directory

    • Target

      MonectServer.exe

    • Size

      158KB

    • MD5

      67d3e56a71739c8da1b63f67ff0b2d3e

    • SHA1

      00fd96b988ffe43ca6f82509de75ca8cdd7a7d2f

    • SHA256

      68c45fb8ef63e88d843a902444c7abba285244b88711f75e0e5c5836535cb46f

    • SHA512

      68e83c3203b6ed6f839f88820789e18e48ad9984ee5a259c25467eadeea8cadb1cd838a21eb21d2badec9944dfb55b7e12eaab804c0c4a1d85d1b6201b24701c

    • SSDEEP

      1536:glOA1XM6FlHn11JG+oDHFc2xlkC3xM/mi:glOApRH13G+0Hu2xqC3i/B

    • Score

      1/10

    • Target

      MonectServerService.exe

    • Size

      2.5MB

    • MD5

      ff7e7658509e639ee022b9a079df1c52

    • SHA1

      052c6f08e11ab143d653f3db27390da0673ac1d2

    • SHA256

      8ee17b3085f769d34a7da47fb61d29f9c46326c0be1e52f29a87a3cdb0c11f54

    • SHA512

      f7d4ffc09c1e53bf5cc985d470ed488578c9935c2d9ba8176217ae76a929ffa0b634d5f2503c57e7b8a10ff4e42e34c5556cab79be825f45580e63a4b85b5cef

    • SSDEEP

      49152:cIVwASOCGtlqS/IU6i7tRywB8kldM65y0oZOusM1TjLOh5PhP3fo1rriPNnmBYZk:5Q+Xl5EhmA1/GnmBY5I

    • Score

      1/10

    • Target

      PCRemoteReceiver.exe

    • Size

      7.2MB

    • MD5

      1f131b830b107f7ff0e12be96cac1eb1

    • SHA1

      1abb094ccb683d7e5ab18c1fe3bc37ad777accba

    • SHA256

      22720868281ba4a699ebe9e34a94865bfb40207b386672d0afa4e4daba94bc0d

    • SHA512

      c4df0294a1b25f96de69bf228f6b8612a9ab6f048110de441f83ef088296cb7106cc1dd125b32f4784395f99f579a4090c35a6db801d8ee442e57344858142eb

    • SSDEEP

      98304:n+iVLTjmGW8YRlXXe4nazbKBZ1P9BAvzycT6BKig+Z6elPq:nhzmGQRlXX5azWH1qKgig+Aepq

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Drops file in Drivers directory

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      Packages/vc_redist.x64.exe

    • Size

      14.3MB

    • MD5

      f0248d477e74687c5619ae16498b13d4

    • SHA1

      9ed4b091148c9b53f66b3f2c69be7e60e74c486a

    • SHA256

      b6c82087a2c443db859fdbeaae7f46244d06c3f2a7f71c35e50358066253de52

    • SHA512

      0c373b06ffe84f3e803831e90f22d7d73304e47a47839db614f63399ff1b7fcf33153bf3d23998877c96d2a75e316291a219fdd12358ca48928526284b802591

    • SSDEEP

      393216:q5lptVYmfr7yBG/4WoI+j6LTinXKSf0fzTDv8:q7pttD7yBG/uljIinXj0fQ

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      QRCodeEncoder.dll

    • Size

      40KB

    • MD5

      cc39b3af69c02e64f3560b0c078141e7

    • SHA1

      4c2a4644a6908e766180054eb8d792f1c4a17b2e

    • SHA256

      9c9a8da4bb2b628b77de98c2b48f1c039649700db6bcadc0af97ec465dd28441

    • SHA512

      59228ba046bfd12091ee4f3e43f3ed9a021b55e2f6e990bc063e90a1d92a9b62ae4d90b97060d4a3de5d1862bd84211522f4e9c6d433d28d672cadf3dea5c609

    • SSDEEP

      384:aoI6JUHDdlKSXrA5m/UHXrA5m/UFouYDe+gDlpLqQVWrlWa+w6MibZKfg+AObT7n:aoIHrDHFVsHSoaNr2u+vJzS+ST6nkW

    • Score

      1/10

    • Target

      SDL2.dll

    • Size

      2.2MB

    • MD5

      5a2819c823a5af53420511a1ceb7a9aa

    • SHA1

      3b80b1228631abbb7f2745828a25cbce0d9dce09

    • SHA256

      81c70b7bfa5690b0ff20c15caa499f615a82cf5b49d278da89265eb836036465

    • SHA512

      da85ca5a8666eb5a2a4bc6b0c9e2f7b7811eb22fe1632a8604274f4fdd5b4303e8943b85cdacb4a3378261d1c0c2d754f4db372294a7146c26a9a546ba83b399

    • SSDEEP

      24576:HzJfKNu0feee3s8LjMwUiny7Irssh55Z0lZGO5cO7bSbtnG4+bDYnZVBsi9s8ZF7:H9fd8y5m5cv9F0Qc3OW/a45m5

    • Score

      1/10

    • Target

      SDL2_image.dll

    • Size

      122KB

    • MD5

      b8d249a5e394b4e6a954c557af1b80e6

    • SHA1

      b03bb9d09447114a018110bfb91d56ef8d5ec3bb

    • SHA256

      1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

    • SHA512

      2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

    • SSDEEP

      3072:6bsejIuO504fzsOM05Nmy7iGpJ7SvFisgf:6bmX0qQOhmyPs

    • Score

      1/10

    • Target

      TouchInput.dll

    • Size

      26KB

    • MD5

      5594270400bd6b2c68f706067efcd889

    • SHA1

      c344b768407e0ebbaa67c830f1b8bb96d0762e88

    • SHA256

      ebdf396161b4c6ff20cdd54d08a334e3a98aba33663130a43f0f92fe7ee4801e

    • SHA512

      f4d64294c255a5c0c579172a1275b925964e5901f61acc06820b89c30a6d1d597c1ee473a6290d2d902aa31f1ae62491aa81cffe1423542d9fef47adcffb8ec2

    • SSDEEP

      384:emeTqSLPB4XT7MQv/uo6ki2Di+vywbS+ShjmM6IGBkS+E:emetLP6Wr2u+v5bS+ST6nk0

    • Score

      1/10

    • Target

      avcodec-59.dll

    • Size

      67.3MB

    • MD5

      5398be059d32fc99ae35a469bcd55255

    • SHA1

      dd4a6154a185e1fe24a4ce024179441ec8a44194

    • SHA256

      5023347055e0dc62d02d6e1d557832d61834fda26da11f43ea7eb04f224ed92d

    • SHA512

      c0f6b782030c8bd4da9bde690192a826f4eb9bb027918bdb81b1a91195e22d2a1e2475767f250cc4e6cd23e5a21650030765ec769acb8399f330172200251f94

    • SSDEEP

      393216:rh5v+6bVVGcq20EPrEStqiJ0WOf5dd0EhRCe9lBZkvxMXHthsT6ltmPshdPPRX29:r7HK20+RJ8jd0EjCilb+MXc4Ph4dH3

    • Score

      10/10

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Target

      avformat-59.dll

    • Size

      14.8MB

    • MD5

      73719d8f1cc65ebce26a5e2959b92bc4

    • SHA1

      3b27af34a204c0feebe1ff217880ea90d6341584

    • SHA256

      2072e00d0c821eff03b22cfafdc164404ec7a15c2cee28520184efe6fd97bee6

    • SHA512

      2d19463188bd36cc7cfa1b18c3bb4e58642d14cab12cf8653730f93260a9c2e0e8101e768d30ca22ba26887d2abb11ea8f407203df50a4de754dc7f019b6c395

    • SSDEEP

      196608:+EizaE5RwATgZaqd+KPRkbTNV/3Ew/1g3wg7T:+RRlY+GRkbTT3HgXT

    • Score

      10/10

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

MITRE ATT&CK Enterprise v15

Tasks

static1

privateloader
Score
10/10

behavioral1

Score
4/10

behavioral2

privateloader, discovery, evasion, loader
Score
10/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

privateloader, loader
Score
10/10

behavioral10

privateloader, loader
Score
10/10

behavioral11

Score
5/10

behavioral12

evasion
Score
8/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

privateloader, loader
Score
10/10

behavioral18

privateloader, evasion, loader
Score
10/10

behavioral19

discovery
Score
7/10

behavioral20

discovery
Score
7/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

privateloader, loader
Score
10/10

behavioral30

privateloader, loader
Score
10/10

behavioral31

privateloader, loader
Score
10/10

behavioral32

privateloader, loader
Score
10/10