General

  • Target

    4kvideodownloaderplus_1.6.0_x64_online.exe

  • Size

    942KB

  • Sample

    240509-svwm5agh3s

  • MD5

    39d8ded5576553a218378730f283f8d2

  • SHA1

    758e93a21513a1006e518e92b47f75f2253b2e79

  • SHA256

    ba2f708bc5082466e5e10adf429ab25594934f9210ba7688acfb3eff713bdd7a

  • SHA512

    b01cede6216829d8f82eeda834850ba4f45acb8cd37027411a8b40b39a40cc4a8a8dab1c9c28b6a35c0c6732575c1eb7204962e76546afc8816ceb4d7eafb5fa

  • SSDEEP

    24576:XNsfiTdYSuVzZH9tH1v1L3W3ZtxEVFxFYKBiRZE:/T2pZ1L3WpHEV70ZE

Malware Config

Targets

    • Target

      4kvideodownloaderplus_1.6.0_x64_online.exe

    • Size

      942KB

    • MD5

      39d8ded5576553a218378730f283f8d2

    • SHA1

      758e93a21513a1006e518e92b47f75f2253b2e79

    • SHA256

      ba2f708bc5082466e5e10adf429ab25594934f9210ba7688acfb3eff713bdd7a

    • SHA512

      b01cede6216829d8f82eeda834850ba4f45acb8cd37027411a8b40b39a40cc4a8a8dab1c9c28b6a35c0c6732575c1eb7204962e76546afc8816ceb4d7eafb5fa

    • SSDEEP

      24576:XNsfiTdYSuVzZH9tH1v1L3W3ZtxEVFxFYKBiRZE:/T2pZ1L3WpHEV70ZE

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks