privateloader | ee800a6102a9c87635e9f06dbc899653842ee9adec96e61d4355947639ae1602 | Triage

Sharing

General

Target

file.zip
Size

18.8MB
Sample

240617-wdcqgaxhje
MD5

e1b1b8044286ab7fe0e5c5da8f4c5853
SHA1

7f9875bbbc430d1fce8dd1f96c7feb38ffd3856a
SHA256

ee800a6102a9c87635e9f06dbc899653842ee9adec96e61d4355947639ae1602
SHA512

1a27bdcb3662963956c691badfa16e43ebb508dc538bf49b21459cefa7ef7349b6d92dc049c376e127315c450e372b433d2141dc69ac5caeb8dd2ec1978d7009
SSDEEP

393216:VptaYaqh289AQu3XH32irGFnfqpXVCdn9W2FtVjk3UQSZb/up7:Vpta4h2iA5n2iaFylVQ9pF75oN

Score

10^/10

privateloader evasion loader spyware stealer

Malware Config

Targets

- Target
  
  file/setup.exe
- Size
  
  724.0MB
- MD5
  
  81070ccb98cdd23344375c03acfd88ef
- SHA1
  
  7ac9cd45977e091869b651ed3c1e67a7a08cf601
- SHA256
  
  59fc1d6f6f94715eb00e104234dfb5dbb553488ce611c89177565c972d471520
- SHA512
  
  6213fb65173710da7a3c7fb705ab1bd4596545d906d9db96cce61e9ae4652a110b828c11fc6358b38e8897fd5989aad3dcbfdce311ac0621aa9e2aab90ff14d9
- SSDEEP
  
  196608:QTae6o2p7r55Bvyk+c9rWVCePOy7oac4RymLr+XGdkyRk6S:3g2115BqkdyN79tidd
Score

10^/10

privateloader evasion loader spyware stealer
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderevasionloaderspywarestealer

behavioral2

privateloaderevasionloader

behavioral3

privateloaderevasionloader