privateloader | 6858af2688d2e14af2f506e8a268045e38a9ee1a69759ded34c506c112910958 | Triage

Sharing

General

Target

Service[1].vmp
Size

382KB
Sample

241011-wpy3va1amn
MD5

021db70d51c7eb264d8e3d201987de59
SHA1

a149857a61bf22d84960f4fbc3fe39cf6b1661da
SHA256

6858af2688d2e14af2f506e8a268045e38a9ee1a69759ded34c506c112910958
SHA512

4feb593d7200a6da7b33e98ef31c414c33b52ec04b04a20b1eb1d5f388aff702dea0cde493156d9e9ff57abba3872c376ed84bd3a0e0b76a26e14efd55e58f7e
SSDEEP

6144:W35lLu/HzRf/kUDUltCdq4Zqc0W50fC0pw0pN0Obw2z8qhqscwE4jxoMv0fXhMwD:Wp6RfIl0Y4OMIY4j1YXhMwLnn

Score

10^/10

privateloader discovery

Malware Config

Extracted

Family

privateloader

C2

94.142.138.113

94.142.138.131

208.67.104.60

Targets

- Target
  
  Service[1].vmp
- Size
  
  382KB
- MD5
  
  021db70d51c7eb264d8e3d201987de59
- SHA1
  
  a149857a61bf22d84960f4fbc3fe39cf6b1661da
- SHA256
  
  6858af2688d2e14af2f506e8a268045e38a9ee1a69759ded34c506c112910958
- SHA512
  
  4feb593d7200a6da7b33e98ef31c414c33b52ec04b04a20b1eb1d5f388aff702dea0cde493156d9e9ff57abba3872c376ed84bd3a0e0b76a26e14efd55e58f7e
- SSDEEP
  
  6144:W35lLu/HzRf/kUDUltCdq4Zqc0W50fC0pw0pN0Obw2z8qhqscwE4jxoMv0fXhMwD:Wp6RfIl0Y4OMIY4j1YXhMwLnn
Score

6^/10

discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2