General

Target: safe-archive.zip
Size: 2.9MB
Sample: 240724-qf33jsxclj
MD5: 3c4ab851c4b1404622d691b262053df5
SHA1: bcd6610c75184b2ca45d0f3fff9ed6f0dcdeeaa4
SHA256: 589d93deb639f967f96dbf6cbe48b1b434930ad3ac24a17d8e89ff058e4ec272
SHA512: ec2ab79c71db310b5218f1c324ab4d69a5c23b3a3d309be7e3627185952025c6f6e40b41cc4ecc26649241d343b7f337afdf92f8193076379d5a2ae97a02cd22
SSDEEP: 49152:YVTWO1MC9XfT2CgdSHhkU7hnstGLCCAuF4vfbML71yAldpJYSEX/JDY8BV:oiO1MCMCPhkUGGLCCzF4vDQJfeFY4V
Static task: static1

Behavioral task: behavioral1
Sample: setup.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: setup.exe
Resource: win10v2004-20240709-en
Malware Config

Targets

Target: setup.exe
Size: 762.0MB
MD5: 9326c686071c528549c80eea2638082e
SHA1: 3c31e38d81289de167d9f37fbc6697b5c9cf71bd
SHA256: 59ca077c90d1d26bb9e79b44c74a0ecf04bd02a92a90146efe87c170e11ca3d2
SHA512: 9af45bc59bbd42d738cbf9547d8d6121a61bd97a6b9a3a2f2fc39caf721a6a64ce7ab991e482bd13a39ac3ddf62cfc1f95613c7d805370d2cda0199f4bccc114
SSDEEP: 49152:NpfTCy0d0R7ruhVrPwHStdgjGf+WAud5iqBRSLmIe59123L7W:eyN7ruHaLGf+Wzd5TSLm/23m
Score: 10/10

Signatures

Modifies firewall policy service

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops file in System32 directory