Overview

overview

10

Static

static

1

LDPlayer9_...ld.exe

windows7-x64

10

LDPlayer9_...ld.exe

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LDPlayer9_pt_white444.hack.ff.hack.modmenu_7410_ld.exe

  • Size

    3.3MB

  • Sample

    240512-ztscmsaf75

  • MD5

    52311163022dbd17bb80414f3d18c194

  • SHA1

    d6e0a809eda9724f9cd16770da59ef8b50210c8f

  • SHA256

    6ae4f439c7bb84942e3f3f17b7bb3ba48cee214832b28a38b2f29a985b054cc5

  • SHA512

    7e5480c9deb4a2557e2bec87c750efdaf43d80da6657ad7f088ea9ade1cf7d6c866dab2fc6766acd6dfce8f7de9d1564ade11ad5320671fed19895dc2a3be258

  • SSDEEP

    49152:5lCCjG5A7eJytqbvjNF1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701b:5lCbA7eJTbb1t0xOoGBiCV2HeJTE

Score
10/10
privateloaderdiscoveryexecutionexploitloaderpersistence

Malware Config

Targets

    • Target

      LDPlayer9_pt_white444.hack.ff.hack.modmenu_7410_ld.exe

    • Size

      3.3MB

    • MD5

      52311163022dbd17bb80414f3d18c194

    • SHA1

      d6e0a809eda9724f9cd16770da59ef8b50210c8f

    • SHA256

      6ae4f439c7bb84942e3f3f17b7bb3ba48cee214832b28a38b2f29a985b054cc5

    • SHA512

      7e5480c9deb4a2557e2bec87c750efdaf43d80da6657ad7f088ea9ade1cf7d6c866dab2fc6766acd6dfce8f7de9d1564ade11ad5320671fed19895dc2a3be258

    • SSDEEP

      49152:5lCCjG5A7eJytqbvjNF1pHtOUYqP3CFOrtG/JR9sXafgkDFMVR9C1UhPJXMK701b:5lCbA7eJTbb1t0xOoGBiCV2HeJTE

    Score
    10/10
    privateloaderdiscoveryexecutionexploitloaderpersistence

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • Creates new service(s)

      persistenceexecution

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

2
T1112

Subvert Trust Controls

2
T1553

Install Root Certificate

1
T1553.004

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Query Registry

2
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks