Overview

overview

10

Static

static

1

a7b9148fce...aa.exe

windows7-x64

10

a7b9148fce...aa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7b9148fce1c28eeda96ee8807b8eb74165408eaa0aa1b7eb18e180867c82eaa

  • Size

    7.4MB

  • Sample

    240521-ct2jzseh57

  • MD5

    4fadc908554eeb6532386f7d1af217e4

  • SHA1

    0c50cec9bc1ade05467b6ac20dab7f0bd630de30

  • SHA256

    a7b9148fce1c28eeda96ee8807b8eb74165408eaa0aa1b7eb18e180867c82eaa

  • SHA512

    fa938bb198367724051ab64e1fa94efdcb2102506014f73772113c9f96d17fc07d73b26370e7c992ccee6da7eba395c04f7ac67186c705827d05084e8781fe5f

  • SSDEEP

    196608:hzYa2ufb5NssQGjHLBy0qSJB/3ID5LudjOr:hz5z5NvjFy0qKBEFKOr

Score
10/10
privateloaderriseproevasionloaderstealer

Malware Config

Targets

    • Target

      a7b9148fce1c28eeda96ee8807b8eb74165408eaa0aa1b7eb18e180867c82eaa

    • Size

      7.4MB

    • MD5

      4fadc908554eeb6532386f7d1af217e4

    • SHA1

      0c50cec9bc1ade05467b6ac20dab7f0bd630de30

    • SHA256

      a7b9148fce1c28eeda96ee8807b8eb74165408eaa0aa1b7eb18e180867c82eaa

    • SHA512

      fa938bb198367724051ab64e1fa94efdcb2102506014f73772113c9f96d17fc07d73b26370e7c992ccee6da7eba395c04f7ac67186c705827d05084e8781fe5f

    • SSDEEP

      196608:hzYa2ufb5NssQGjHLBy0qSJB/3ID5LudjOr:hz5z5NvjFy0qKBEFKOr

    Score
    10/10
    privateloaderriseproevasionloaderstealer

    • Modifies firewall policy service

      evasion

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks