privateloader | 589d93deb639f967f96dbf6cbe48b1b434930ad3ac24a17d8e89ff058e4ec272 | Triage

Submit
Reports

Overview

overview

Static

static

3

setup.exe

windows7-x64

setup.exe

windows10-2004-x64

setup.exe

windows11-21h2-x64

Sharing

General

Target

safe-archive.zip
Size

2.9MB
Sample

240724-pqc4fawbqj
MD5

3c4ab851c4b1404622d691b262053df5
SHA1

bcd6610c75184b2ca45d0f3fff9ed6f0dcdeeaa4
SHA256

589d93deb639f967f96dbf6cbe48b1b434930ad3ac24a17d8e89ff058e4ec272
SHA512

ec2ab79c71db310b5218f1c324ab4d69a5c23b3a3d309be7e3627185952025c6f6e40b41cc4ecc26649241d343b7f337afdf92f8193076379d5a2ae97a02cd22
SSDEEP

49152:YVTWO1MC9XfT2CgdSHhkU7hnstGLCCAuF4vfbML71yAldpJYSEX/JDY8BV:oiO1MCMCPhkUGGLCCzF4vDQJfeFY4V

Score

10^/10

privateloader xmrig credential_access discovery evasion execution loader miner persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20240704-en

privateloader xmrig credential_access discovery evasion execution loader miner persistence spyware stealer

windows7-x64

25 signatures

300 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20240709-en

privateloader evasion loader

windows10-2004-x64

4 signatures

300 seconds

Behavioral task

behavioral3

Sample

setup.exe

Resource

win11-20240709-en

privateloader evasion loader

windows11-21h2-x64

4 signatures

300 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  762.0MB
- MD5
  
  9326c686071c528549c80eea2638082e
- SHA1
  
  3c31e38d81289de167d9f37fbc6697b5c9cf71bd
- SHA256
  
  59ca077c90d1d26bb9e79b44c74a0ecf04bd02a92a90146efe87c170e11ca3d2
- SHA512
  
  9af45bc59bbd42d738cbf9547d8d6121a61bd97a6b9a3a2f2fc39caf721a6a64ce7ab991e482bd13a39ac3ddf62cfc1f95613c7d805370d2cda0199f4bccc114
- SSDEEP
  
  49152:NpfTCy0d0R7ruhVrPwHStdgjGf+WAud5iqBRSLmIe59123L7W:eyN7ruHaLGf+Wzd5TSLm/23m
Score

10^/10

privateloader xmrig credential_access discovery evasion execution loader miner persistence spyware stealer
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

privateloaderxmrigcredential_accessdiscoveryevasionexecutionloaderminerpersistencespywarestealer

behavioral2

privateloaderevasionloader

behavioral3

privateloaderevasionloader

© 2018-2024

Terms | Privacy