privateloader | 3c056fb4b1e0d834bf85eb5b09490be3f80fd8cbe6f4cae55a078075c3bc1d5e | Triage

Sharing

General

Target

3c056fb4b1e0d834bf85eb5b09490be3f80fd8cbe6f4cae55a078075c3bc1d5e.zip
Size

4.5MB
Sample

240707-bgskwayhpm
MD5

aa5d9fbf691d6f7844cdfefb7a8f82a1
SHA1

4927dddbc51f349f18037eb79e80f400b2829282
SHA256

3c056fb4b1e0d834bf85eb5b09490be3f80fd8cbe6f4cae55a078075c3bc1d5e
SHA512

819c4c16f95b544150a3d1a5aafe09b9053d7ed48c26d4b2664bc5fd77f74df42e21e390068a70248c7c2023eab1e02f2459a9eef26a0a50394b8bb0cbe9b7cf
SSDEEP

98304:P5OOMPrrdzH9bFsx0tLiAf+YGyHQq88we9Jj/TiD3Bg:PtMdzH9bbrHQD8wePiDu

Score

10^/10

privateloader evasion loader

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  792.0MB
- MD5
  
  d99235956d2438017dce77cbf6cb1176
- SHA1
  
  4121d8636b556b9da48081b2d818f3dcde3ac9a4
- SHA256
  
  74134cd0030b7681d9f753f8ecf68bf14937ba0261522bf05e5bef564cd8b8b0
- SHA512
  
  f090c7d82daf9f3ae9582e1d40f22272cb7e8911eae20c312704c7b814005816c8a78960b0ec21d376443db3c49c9d012052aa1f5692167b514fcf3211841351
- SSDEEP
  
  98304:rOuBF3zj5prjsd8VNCofaoUhXo8uG9pmSgQ7gCbHRd3bcEo:qunj5prvX8uGxgQZLcEo
Score

10^/10

privateloader evasion loader
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

privateloaderevasionloader

behavioral2

privateloaderevasionloader