General

  • Target

    611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe

  • Size

    402KB

  • MD5

    5ae2c7e495880d7e209a41158fd72984

  • SHA1

    f2bd4549f77a5c6af49259b60caf937b31decbf0

  • SHA256

    9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777

  • SHA512

    16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf

  • SSDEEP

    12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi

Score
10/10

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://212.193.30.29/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

212.193.30.21

Attributes

  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Signatures

  • Privateloader family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe
    .exe windows:6 windows x86 arch:x86

    9734ba8626408cec04bb8fa7d8bb6e83
