General
-
Target
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe
-
Size
402KB
-
Sample
240725-fc4jsssdrg
-
MD5
5ae2c7e495880d7e209a41158fd72984
-
SHA1
f2bd4549f77a5c6af49259b60caf937b31decbf0
-
SHA256
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777
-
SHA512
16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf
-
SSDEEP
12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi
Behavioral task
behavioral1
Sample
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
privateloader
http://212.193.30.45/proxies.txt
http://212.193.30.29/server.txt
pastebin.com/raw/A7dSG1te
http://wfsdragon.ru/api/setStats.php
212.193.30.21
-
payload_url
https://vipsofts.xyz/files/mega.bmp
Targets
-
-
Target
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777.exe
-
Size
402KB
-
MD5
5ae2c7e495880d7e209a41158fd72984
-
SHA1
f2bd4549f77a5c6af49259b60caf937b31decbf0
-
SHA256
9664f55603f168dc5f7ac498789f5275b2c64fb5ad1bc7c185944421bd5a8777
-
SHA512
16364431e2d8b0e48189f571b1b713da08129ea3b00d18723d981b7ace39b9d1cd7b55d4a48ea53bb8e7940f0c76ef70b5614a5a8d08bdb73827539e4cc7d5cf
-
SSDEEP
12288:MZFjgB8S7dgKfFTJnUxzJQK2LM0r04JduPK1LOE/BE:M3jgCS7BFnUbR60wLLOSi
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-