privateloader | 9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777 | Triage

Sharing

General

Target

611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe
Size

402KB
Sample

240724-sefa7svenf
MD5

5ae2c7e495880d7e209a41158fd72984
SHA1

f2bd4549f77a5c6af49259b60caf937b31decbf0
SHA256

9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777
SHA512

16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf
SSDEEP

12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi

Score

10^/10

privateloader aspackv2 discovery loader

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://212.193.30.29/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

212.193.30.21

Attributes

payload_url
https://vipsofts.xyz/files/mega.bmp

Targets

- Target
  
  611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe
- Size
  
  402KB
- MD5
  
  5ae2c7e495880d7e209a41158fd72984
- SHA1
  
  f2bd4549f77a5c6af49259b60caf937b31decbf0
- SHA256
  
  9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777
- SHA512
  
  16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf
- SSDEEP
  
  12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi
Score

10^/10

privateloader aspackv2 discovery loader
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

loaderprivateloader

behavioral1

privateloaderaspackv2discoveryloader

behavioral2

privateloaderaspackv2discoveryloader