privateloader | 36db131862e9f38c5e47cdb4aa1a35a8c95904039c1e5cbda5b6ba728fbebd79

Sharing

Copy URL

Twitter E-mail

General

Target

Neptune-Stealer.rar
Size

27.5MB
Sample

240505-t17s1seh4w
MD5

6b3d26257c71a6aff3960b9a294ca7ad
SHA1

ee5aa196f2a28277fdddb5dd8d6e24c5a7fae6fe
SHA256

36db131862e9f38c5e47cdb4aa1a35a8c95904039c1e5cbda5b6ba728fbebd79
SHA512

45b4ebe1930ffcd578898c1ade3ab3d6071cab329993e67af0d0b5b2b0b472a98b4d9ccfe606ff64337c1122a19c812de6308092d67b1e5fe7e8ec4e7c89b7a9
SSDEEP

786432:+HNPCO/Rn0pbYt8cZDIW0/Wcn6cbRXmyWXOG8f9:UNlp0uVZUW0bFm5XOf9

Score

10^/10

Malware Config

Targets

- Target
  
  Neptune-Stealer/.git/hooks/applypatch-msg.sample
- Size
  
  478B
- MD5
  
  ce562e08d8098926a3862fc6e7905199
- SHA1
  
  4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
- SHA256
  
  0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
- SHA512
  
  536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score

3^/10
behavioral1
- Target
  
  Neptune-Stealer/.git/hooks/commit-msg.sample
- Size
  
  896B
- MD5
  
  579a3c1e12a1e74a98169175fb913012
- SHA1
  
  ee1ed5aad98a435f2020b6de35c173b75d9affac
- SHA256
  
  1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
- SHA512
  
  d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score

3^/10
behavioral2
- Target
  
  Neptune-Stealer/.git/hooks/fsmonitor-watchman.sample
- Size
  
  4KB
- MD5
  
  a0b2633a2c8e97501610bd3f73da66fc
- SHA1
  
  0ec0ec9ac11111433d17ea79e0ae8cec650dcfa4
- SHA256
  
  e0549964e93897b519bd8e333c037e51fff0f88ba13e086a331592bf801fa1d0
- SHA512
  
  5168643c1768ec83554a9066754507a781b6d14251a46a469222d462efc6ca87a72c90679154e8a723349c91e7772b32ac9b08dfe313cded0ee0a6f17885079e
- SSDEEP
  
  96:GFCscBOvOFXDgRvi/3UCwN4ZlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRa8CwN4ZqRo7geEk3IzCa
Score

3^/10
behavioral3
- Target
  
  Neptune-Stealer/.git/hooks/post-update.sample
- Size
  
  189B
- MD5
  
  2b7ea5cee3c49ff53d41e00785eb974c
- SHA1
  
  b614c2f63da7dca9f1db2e7ade61ef30448fc96c
- SHA256
  
  81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
- SHA512
  
  473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score

3^/10
behavioral4
- Target
  
  Neptune-Stealer/.git/hooks/pre-applypatch.sample
- Size
  
  424B
- MD5
  
  054f9ffb8bfe04a599751cc757226dda
- SHA1
  
  f208287c1a92525de9f5462e905a9d31de1e2d75
- SHA256
  
  e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
- SHA512
  
  cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score

3^/10
behavioral5
- Target
  
  Neptune-Stealer/.git/hooks/pre-commit.sample
- Size
  
  1KB
- MD5
  
  305eadbbcd6f6d2567e033ad12aabbc4
- SHA1
  
  a79d057388ee2c2fe6561d7697f1f5efcff96f23
- SHA256
  
  f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a
- SHA512
  
  7cfb0a58abed1915ee1b261a1c661c7e2deea4e9227f77f5875af1a25c82e19245ba12dcb2f5052d994d0e81a3465daf37f9d8c670e17f9c96742f60fdfaaa56
Score

3^/10
behavioral6
- Target
  
  Neptune-Stealer/.git/hooks/pre-merge-commit.sample
- Size
  
  416B
- MD5
  
  39cb268e2a85d436b9eb6f47614c3cbc
- SHA1
  
  04c64e58bc25c149482ed45dbd79e40effb89eb7
- SHA256
  
  d3825a70337940ebbd0a5c072984e13245920cdf8898bd225c8d27a6dfc9cb53
- SHA512
  
  e4dc204494f5062efa3032b00c64707a4f38978040482501b3e085f071e3ee5a9737d537e6a52002ceb4ebe2bfe09e555c5d969581e80b3eba2a922015c67960
Score

3^/10
behavioral7
- Target
  
  Neptune-Stealer/.git/hooks/pre-push.sample
- Size
  
  1KB
- MD5
  
  2c642152299a94e05ea26eae11993b13
- SHA1
  
  a599b773b930ca83dbc3a5c7c13059ac4a6eaedc
- SHA256
  
  ecce9c7e04d3f5dd9d8ada81753dd1d549a9634b26770042b58dda00217d086a
- SHA512
  
  cc98bbe0e3865e2023af04416e10689e3aecd3f3928cf90c2acc0d3d7306388886779025c8967c8ea198af1f4fe29d16c65d4e1d546c7a8fa513f5ba7df16850
Score

3^/10
behavioral8
- Target
  
  Neptune-Stealer/.git/hooks/pre-rebase.sample
- Size
  
  4KB
- MD5
  
  56e45f2bcbc8226d2b4200f7c46371bf
- SHA1
  
  288efdc0027db4cfd8b7c47c4aeddba09b6ded12
- SHA256
  
  4febce867790052338076f4e66cc47efb14879d18097d1d61c8261859eaaa7b3
- SHA512
  
  00d21d5d72386c3d9b5a1c36ba85201f730556a8295d4353af54af7892ab81010d42aff209ec1fda61c54e4dda3737cea5fda64f09d40ce5004ae28239565025
- SSDEEP
  
  96:vJ7EgXasqXq6zaqK1ep8m5MDVUT2bTEwEWDhG38deyig9yhCLtQH:vJ4gXasI1zaqKwUTHhzeyil4tm
Score

3^/10
behavioral9
- Target
  
  Neptune-Stealer/.git/hooks/pre-receive.sample
- Size
  
  544B
- MD5
  
  2ad18ec82c20af7b5926ed9cea6aeedd
- SHA1
  
  705a17d259e7896f0082fe2e9f2c0c3b127be5ac
- SHA256
  
  a4c3d2b9c7bb3fd8d1441c31bd4ee71a595d66b44fcf49ddb310252320169989
- SHA512
  
  ee08c11fab7e896b2e09c241954ba7640338b12c75cd8040daf053c31b2f22236d7a0deac736f89d305236312fdb4f560a38d4d8debdcc9dcdd23b2d975907d5
Score

3^/10
behavioral10
- Target
  
  Neptune-Stealer/.git/hooks/prepare-commit-msg.sample
- Size
  
  1KB
- MD5
  
  2b5c047bdb474555e1787db32b2d2fc5
- SHA1
  
  2584806ba147152ae005cb675aa4f01d5d068456
- SHA256
  
  e9ddcaa4189fddd25ed97fc8c789eca7b6ca16390b2392ae3276f0c8e1aa4619
- SHA512
  
  50ec8a0dd98427e80a82a8d8ce44462a845876e1594c9d0e89483ce9a8aaad616edea0e5c45c1bb69d8fe7f520c6f2260d6fa350d77b400899c3ae375e965bfb
Score

3^/10
behavioral11
- Target
  
  Neptune-Stealer/.git/hooks/push-to-checkout.sample
- Size
  
  2KB
- MD5
  
  c7ab00c7784efeadad3ae9b228d4b4db
- SHA1
  
  508240328c8b55f8157c93c43bf5e291e5d2fbcb
- SHA256
  
  a53d0741798b287c6dd7afa64aee473f305e65d3f49463bb9d7408ec3b12bf5f
- SHA512
  
  586efb6a206f73d8a94561266153a624e2753830bc431a283bed998c46ac00a9df4995ddfd0aa852b1a22b4672c80f2c33cee3fe2e3321e392ff4cef26dbf75e
Score

3^/10
behavioral12
- Target
  
  Neptune-Stealer/.git/hooks/sendemail-validate.sample
- Size
  
  2KB
- MD5
  
  4d67df3a8d5c98cb8565c07e42be0b04
- SHA1
  
  74cf1d5415a5c03c110240f749491297d65c4c98
- SHA256
  
  44ebfc923dc5466bc009602f0ecf067b9c65459abfe8868ddc49b78e6ced7a92
- SHA512
  
  a19dbbc2ef6c367aadbfb900ae58c377d88ac9b6c0ac6de49c962d44d993418875f64143defda56bae8d0697dcd15be2928d32aa77508d3958769f18a4a53154
Score

3^/10
behavioral13
- Target
  
  Neptune-Stealer/.git/hooks/update.sample
- Size
  
  3KB
- MD5
  
  647ae13c682f7827c22f5fc08a03674e
- SHA1
  
  730e6bd5225478bab6147b7a62a6e2ae21d40507
- SHA256
  
  8d5f2fa83e103cf08b57eaa67521df9194f45cbdbcb37da52ad586097a14d106
- SHA512
  
  be3780974589d06eddba6fa0aa15a3e3dfe390e2827a1a6ae5cb83d6ac47e79ef9b1bbb53f067372f8dc70db0350d3770e78537fd3cfe734200ff824eca4cada
Score

3^/10
behavioral14
- Target
  
  Neptune-Stealer/build.bat
- Size
  
  734B
- MD5
  
  1a0f43689186eb6dc7638ec72d5163ff
- SHA1
  
  d425b292743605ca53ed1772def4eeae44e2ab14
- SHA256
  
  78c48bbdfc80dad96a91d87e00da3544f633b8602008b3a458d6a51306c7b86e
- SHA512
  
  a7a7dc92db73b61acb4e82d58e7e0d34c0ad3fd1e2244382a4086f9d046b241e4ec7b0abb7ec8ae1ff723edb6bbcffd6ca0e10d450793dd1709252a54378e498
Score

1^/10
behavioral15
- Target
  
  Neptune-Stealer/index.js
- Size
  
  36KB
- MD5
  
  11ea2c5f8f02dd58bc54699bbd370c55
- SHA1
  
  7f97ee706b5e6d8e51710a500707e5db34782ab0
- SHA256
  
  025b6094c77f1a2e7af740b8a49c76d1edb1ca579f832ab1793c69dcb4223c95
- SHA512
  
  f527958800418edad32601f1f67ff4fa605d7711bc66017f8fa2d7d6634cf7f9587db948b29cb9adfd03985f301214157965db228964920a5da84164b6117fa7
- SSDEEP
  
  768:SALpSySkS3SLSySUSyS2S3SdSyS/S3SpSySFS3SE9v2ZLtbeSSS2SXSwXnSSSh:SALaq9Da
Score

3^/10

execution
behavioral16
- Target
  
  Neptune-Stealer/install.bat
- Size
  
  31B
- MD5
  
  ed479ebacddedec77a46c27cc0e6a94d
- SHA1
  
  7b1855527317d0124ebeb726defa838d54e9b663
- SHA256
  
  f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
- SHA512
  
  41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score

1^/10
behavioral17
- Target
  
  Neptune-Stealer/main.py
- Size
  
  132KB
- MD5
  
  2ff241435d9b16d284c9d70ca1981e86
- SHA1
  
  5f3ea0fa89a37206e728ce8a5a64f24f1545d479
- SHA256
  
  d5f09d7355070d7e60d5bc0f79288df26fdc494d92c6a9467b1ae1232ddc8876
- SHA512
  
  8ca458206013ca07c82c6d8c98fb4bb78f79a7ef7858ba40e0866f4c75b9aced52634a8b56f15db4cc4bf50cd46b5548741623c943e6b01953402f74f3ee3084
- SSDEEP
  
  1536:FsoWfxPvvsfYhxPuR2BEz+mKtnCFl2NOmOorPKtpOz3rkpznn/8K3TWiixelRj96:Fpf2KIZCHnmOppOzQzH3T791Zrq
Score

3^/10
behavioral18
- Target
  
  Neptune-Stealer/neptune injection/final.bat
- Size
  
  1KB
- MD5
  
  e52ffc30088c2eaa4b820d16edf1bc48
- SHA1
  
  5039c175ef76f135ea63d96fbcd5a459b2a6334c
- SHA256
  
  41fab22cd37aa4e66c362215eda0d8bf9ff82d950e1661f528921811fb99b88f
- SHA512
  
  2c58ba2914979d64b85e880d50439782dd4e002bfb2c2631070d15f7be5e4686cbe5ffc8719add0181ffdb1db7548ff8f4d628287dd31bf3827a3928df84bed9
Score

1^/10
behavioral19
- Target
  
  Neptune-Stealer/neptune injection/payload.bat
- Size
  
  783B
- MD5
  
  f3622964d873bc11a087a2e4e82603f5
- SHA1
  
  96ac588a7c7956e4a687adf8c7a33375e70b9a78
- SHA256
  
  57a263233f21dd60a1723a6dddfb09b9eb2a6184ac7746b9b1b0ef6d498f26d4
- SHA512
  
  c367c1c88b4f172a788f3e64bd29bed634b0f687102681269f72aad854db17360c5f6442156ae11de106707c1bd71a8d0e0c32a48eb8f18d238ccfc0b793969e
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral20
- Target
  
  Neptune-Stealer/obfuscator.py
- Size
  
  6KB
- MD5
  
  a89b08d779038479f7bd2e8a756a3e8b
- SHA1
  
  31043473ada9e10ca31e796adcaa0e9b5c39d92f
- SHA256
  
  7f77c727eda2fe9ac5b2570bb3459b055fefd99a1ef2b0fa08954609a3c2bfad
- SHA512
  
  713183433fa5cd066300011e5b3c3ba4ca015990d29d02c8b9377cde4d87d43c997d864db9a399752ce959db0095a030d99c3b50bd218af8a0aff3397c40f308
- SSDEEP
  
  192:fgcdAG5zjG851aPDqOhaHjxc/O9JzZ+O96EIGCWy:fzFzjG85syjOG9J119HIGCL
Score

3^/10
behavioral21
- Target
  
  Neptune-Stealer/tools/Pumper.py
- Size
  
  369B
- MD5
  
  3832cecb4a8f635c6b051fb0e87b2a68
- SHA1
  
  b38d06cf676dae88016bc718c9e31da86376ced6
- SHA256
  
  2ec0fe9f255219483f38b323da4adb26d817cca78673a13b3ad8def26c523479
- SHA512
  
  1cf01894d7aa630d7930bd2152d0fd1828e0d68ac0594c1f81fb581320b45aa764bff35ad71f40bb9e362490da65bd100b388813725ffded6c4d98adc9fda24f
Score

3^/10
behavioral22
- Target
  
  Neptune-Stealer/tools/cookie_reformat.py
- Size
  
  530B
- MD5
  
  7cc84961f09b62bfe20a6e6f75064bd2
- SHA1
  
  9926a4927934b1aacda01b5fb6ae4238ce6065e2
- SHA256
  
  b728e24260c69e2c59896f9f2f1c8f78f3d4807e2a84d4527d2abf6ab45e79d0
- SHA512
  
  964bb1722b72106969cd68ab3bb3871c058099f54128e2f3dc46d3d925c727e72186551f0fb5978604a4e4f7e7b447f4b1a013b0ccef1fc2ff2557c23e89b53a
Score

3^/10
behavioral23
- Target
  
  Neptune-Stealer/tools/run_script.bat
- Size
  
  33.1MB
- MD5
  
  d1a39d1fa53d8da2611ad91c91a1676e
- SHA1
  
  140b8851213dce617a029a03f6823a68511f3e26
- SHA256
  
  dbfc2291b18a27b4a17011028e88583f73c2fb3295858187dba4b768ff47b1ef
- SHA512
  
  d80698b0c3575f2579c4ddf02f0411384d0aab0537ce2c482f1ee5577228f7470858cf049d16251f8acd522a1cadc0da7b02a698f79d78d041cff62fd1fb342f
- SSDEEP
  
  393216:2QgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgW96l+ZArYsFRlI:23on1HvSzxAMNWFZArYsA
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Adds Run key to start application

Blocklisted process makes network request

Checks installed software on the system

Enumerates connected drives

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24