privateloader | 2d8524c8b31583d8237455c7211f486667d4cd9ae7db7ac4bab3cbde6b9a5e7b | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Siggen28.55231.10056.8041.exe
Size

3.3MB
Sample

240612-lfxhjsxdle
MD5

9905d4c0f3aaf44c8f7a0f6c4b4d3543
SHA1

96d74f63546ab9620c95d024f150ed88b2d6f1df
SHA256

2d8524c8b31583d8237455c7211f486667d4cd9ae7db7ac4bab3cbde6b9a5e7b
SHA512

e2d5b82d7c13e67c98270a0302c3f4c4cc114d172d923035911beec10ab2e22a203561f99c67d08970e3e886ae5f53b6d23d766b8aa9161c3ebccf798059eec9
SSDEEP

98304:HETDbLgHBfCrX0TvTtJOPsRsT90DV8OrLz:CjgHNCgLT7OEsTaDV7r

Score

10^/10

privateloader evasion loader

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen28.55231.10056.8041.exe
- Size
  
  3.3MB
- MD5
  
  9905d4c0f3aaf44c8f7a0f6c4b4d3543
- SHA1
  
  96d74f63546ab9620c95d024f150ed88b2d6f1df
- SHA256
  
  2d8524c8b31583d8237455c7211f486667d4cd9ae7db7ac4bab3cbde6b9a5e7b
- SHA512
  
  e2d5b82d7c13e67c98270a0302c3f4c4cc114d172d923035911beec10ab2e22a203561f99c67d08970e3e886ae5f53b6d23d766b8aa9161c3ebccf798059eec9
- SSDEEP
  
  98304:HETDbLgHBfCrX0TvTtJOPsRsT90DV8OrLz:CjgHNCgLT7OEsTaDV7r
Score

10^/10

privateloader evasion loader
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderevasionloader

behavioral2

privateloaderevasionloader