General

  • Target

    d963acee9e469ee9b95e16ca8d4f77412663b6f92928d885cd35c82595bea7ef

  • Size

    4.3MB

  • Sample

    240626-xpgdgaybnd

  • MD5

    d25bee31c30313658d2e010c0fb5f66e

  • SHA1

    003a49d195dd719b9af213fedcf9c39d8b6bf480

  • SHA256

    d963acee9e469ee9b95e16ca8d4f77412663b6f92928d885cd35c82595bea7ef

  • SHA512

    323bc94eb61a776c4a2a112d064bef17bd9874e3560040672288cd4447065dca4bc47bb346ebb13319bf999163704fc56beed345bd8c24dc487803f3a8db3dc7

  • SSDEEP

    98304:dbFhmDz7Avv/xXkMfPikM5JofdF7r8tH9gAMhPQLv+Wu5Vm:dFAnE55fb46LSH9gAMBQTRM

Malware Config

Targets

    • Modifies firewall policy service

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks