General

  • Target

    SecuriteInfo.com.not-a-virus.AdWare.NSIS.ConvertAd.ajyz.9272.10801.exe

  • Size

    32.3MB

  • Sample

    240509-srb5babe86

  • MD5

    3847004cc52937aff44ab590cfc47fdd

  • SHA1

    3955fb0ccc6d894b255bde1c329d98ffae6ea92e

  • SHA256

    0bce62b057e8d60bcbaa16c3d8571943f7ea7e42f5bcfab85f1968a266e5386d

  • SHA512

    8a593161ee1459e2a741f4e4126c54ca9b56170b861e3595315c8889f837d1dece825d28a3ea0507236d2e4b99a256808ad053e23ea39e7c411220b16a9b2af3

  • SSDEEP

    786432:0Wmk13WFnGhBH1AIv2HMYYYXzt5+8rvySB:7mkknYB9vXqzbr6S

Targets

    • Target

      SecuriteInfo.com.not-a-virus.AdWare.NSIS.ConvertAd.ajyz.9272.10801.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
