General

  • Target

    9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe

  • Size

    402KB

  • Sample

    240725-fc4jsssdrg

  • MD5

    5ae2c7e495880d7e209a41158fd72984

  • SHA1

    f2bd4549f77a5c6af49259b60caf937b31decbf0

  • SHA256

    9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777

  • SHA512

    16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf

  • SSDEEP

    12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://212.193.30.29/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

212.193.30.21

Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Targets

    • Target

      9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe

    • Size

      402KB

    • MD5

      5ae2c7e495880d7e209a41158fd72984

    • SHA1

      f2bd4549f77a5c6af49259b60caf937b31decbf0

    • SHA256

      9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777

    • SHA512

      16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf

    • SSDEEP

      12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks