General

  • Target

    file.zip

  • Size

    18.8MB

  • Sample

    240617-wdcqgaxhje

  • MD5

    e1b1b8044286ab7fe0e5c5da8f4c5853

  • SHA1

    7f9875bbbc430d1fce8dd1f96c7feb38ffd3856a

  • SHA256

    ee800a6102a9c87635e9f06dbc899653842ee9adec96e61d4355947639ae1602

  • SHA512

    1a27bdcb3662963956c691badfa16e43ebb508dc538bf49b21459cefa7ef7349b6d92dc049c376e127315c450e372b433d2141dc69ac5caeb8dd2ec1978d7009

  • SSDEEP

    393216:VptaYaqh289AQu3XH32irGFnfqpXVCdn9W2FtVjk3UQSZb/up7:Vpta4h2iA5n2iaFylVQ9pF75oN

Malware Config

Targets

    • Target

      file/setup.exe

    • Size

      724.0MB (a 724 MB executable packed inside an 18.8 MB archive implies large runs of highly compressible padding, a common trick to push a file past scanner size limits)

    • MD5

      81070ccb98cdd23344375c03acfd88ef

    • SHA1

      7ac9cd45977e091869b651ed3c1e67a7a08cf601

    • SHA256

      59fc1d6f6f94715eb00e104234dfb5dbb553488ce611c89177565c972d471520

    • SHA512

      6213fb65173710da7a3c7fb705ab1bd4596545d906d9db96cce61e9ae4652a110b828c11fc6358b38e8897fd5989aad3dcbfdce311ac0621aa9e2aab90ff14d9

    • SSDEEP

      196608:QTae6o2p7r55Bvyk+c9rWVCePOy7oac4RymLr+XGdkyRk6S:3g2115BqkdyN79tidd

    • Modifies firewall policy service

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain regions).

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Drops file in System32 directory
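To check a suspected sample against the indicators listed above, here is an added example (not the sandbox's own tooling): it streams a file once through all four hashers this report uses and compares the digests against the report's values. The IOC table is copied from the report; the placeholder bytes hashed when no path is given are constructed and will not match anything.

```python
"""Compute MD5, SHA1, SHA256 and SHA512 of a file in a single pass and
compare them with the indicators from this report.

Added example, not part of the original report. REPORT_IOCS is copied
from the report; the fallback input in __main__ is constructed."""
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests exactly as printed in the report, keyed by artefact name.
REPORT_IOCS = {
    "file.zip": {
        "md5": "e1b1b8044286ab7fe0e5c5da8f4c5853",
        "sha1": "7f9875bbbc430d1fce8dd1f96c7feb38ffd3856a",
        "sha256": "ee800a6102a9c87635e9f06dbc899653842ee9adec96e61d4355947639ae1602",
        "sha512": "1a27bdcb3662963956c691badfa16e43ebb508dc538bf49b21459cefa7ef7349"
                  "b6d92dc049c376e127315c450e372b433d2141dc69ac5caeb8dd2ec1978d7009",
    },
    "file/setup.exe": {
        "md5": "81070ccb98cdd23344375c03acfd88ef",
        "sha1": "7ac9cd45977e091869b651ed3c1e67a7a08cf601",
        "sha256": "59fc1d6f6f94715eb00e104234dfb5dbb553488ce611c89177565c972d471520",
        "sha512": "6213fb65173710da7a3c7fb705ab1bd4596545d906d9db96cce61e9ae4652a11"
                  "0b828c11fc6358b38e8897fd5989aad3dcbfdce311ac0621aa9e2aab90ff14d9",
    },
}


def hash_stream(chunks):
    """Feed an iterable of byte chunks to all four hashers in one pass.

    A single pass matters for this sample: setup.exe is 724 MB, so reading
    it once per algorithm would quadruple the I/O for no benefit."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for tests and small blobs)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file on disk, read in 1 MiB chunks so large PEs fit in RAM."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def match_iocs(hashes, iocs=REPORT_IOCS):
    """Return (artefact, algorithm) pairs whose digest matches the report.

    Comparison is case-insensitive because tools and reports disagree on
    hex case; a hit on any one algorithm is enough to flag the file."""
    hits = []
    for artefact, known in iocs.items():
        for algo, digest in known.items():
            observed = hashes.get(algo)
            if observed and observed.lower() == digest.lower():
                hits.append((artefact, algo))
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        digests = hash_file(sys.argv[1])
    else:
        # Constructed placeholder input; not the real sample.
        digests = hash_bytes(b"MZ placeholder bytes, constructed for the example")
    for algo in ALGORITHMS:
        print(f"{algo:7} {digests[algo]}")
    print("IOC matches:", match_iocs(digests) or "none")
```

Run it as `python check_iocs.py path/to/setup.exe`; any `(artefact, algorithm)` pair printed means the file is byte-identical to the one analysed here. An empty match list does not clear a file, since a repacked or padded variant changes every digest; that is where the report's SSDEEP values are the better comparison.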

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matched behaviours mapped to it.

  • Persistence

    • Create or Modify System Process (T1543): 1

      • Windows Service (T1543.003): 1

  • Privilege Escalation

    • Create or Modify System Process (T1543): 1

      • Windows Service (T1543.003): 1

  • Defense Evasion

    • Modify Registry (T1112): 2

    • Subvert Trust Controls (T1553): 1

      • Install Root Certificate (T1553.004): 1

  • Credential Access

    • Unsecured Credentials (T1552): 1

      • Credentials In Files (T1552.001): 1

  • Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 1

  • Collection

    • Data from Local System (T1005): 1

  • Command and Control

    • Web Service (T1102): 1

Tasks