General

  • Target

    b42b24d0549e201cf0727f1edeaacbebfed2eeec6af9eff6bdea4bf4ab0a1918

  • Size

    8.3MB

  • Sample

    240531-l82b7sed4x

  • MD5

    e99605f8de15e4ac43c1ac5c56c2b783

  • SHA1

    5399b6e0623ce3f4e979014ce2fc072896bb6e56

  • SHA256

    b42b24d0549e201cf0727f1edeaacbebfed2eeec6af9eff6bdea4bf4ab0a1918

  • SHA512

    83c2085df6d7434e0fadda727bf16fd55daaff1a3ab14960d5086d9e8e6e19c7ca2127fe9feb917ae5c68584462c18bbb7ac345a4f3ee521b6cd9a9274ba4c25

  • SSDEEP

    98304:J+UnFjkb2q0JaPq+KVWIqZe5rCph13dYFCd3D1JZIfNMWsYzo1ZHuOWq+fu+s7GP:XC1pSWpZeBCph1oCdiG0zGMOWq+WDSP

Malware Config

Targets

    • Target

      b42b24d0549e201cf0727f1edeaacbebfed2eeec6af9eff6bdea4bf4ab0a1918


    • Modifies firewall policy service

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks