General

  • Target

    422eb7c3dc87faab3946dbdb16f243b6442ee94b2cdd9457a3ae76ed3ff64465

  • Size

    193KB

  • Sample

    241104-qx9lnasrgj

  • MD5

    0b5470c62a7450f4630c3c9db2647d8f

  • SHA1

    a96bd71b9bbee901c8a0da796af359ff6a3651fe

  • SHA256

    422eb7c3dc87faab3946dbdb16f243b6442ee94b2cdd9457a3ae76ed3ff64465

  • SHA512

    45ad0a7461e9719f976c2f0958bb58445aa0f4f82c9328fb677c7d3ff2dd7592c3f7f8453f1c1333e88d981494ec0f2c535b4569b1ad2110198a36b103980b1f

  • SSDEEP

    3072:kG9TLeya0Viw5aY2XgGezjtGcPGyqlV7Ja6llFXkuPsbIphlgdU4OXDKci61:Tla0MSLDtGcyj7JVlFhPsb4hlguXW61

Malware Config

Extracted

Family

privateloader

C2

http://45.133.1.182/proxies.txt

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

Targets

    • Target

      Setup.bin

    • Size

      425KB

    • MD5

      8cfbcaa1997655b3d952957f9311642e

    • SHA1

      ef0e4cf3845c23a19415095870a0fb3eff6c5f39

    • SHA256

      e449366d90df613d6d968f16d0d7d8f471e38d66bbf669656380adbce1d5f8d9

    • SHA512

      b420d163d661b106eaee254aacab16210c0a7fd53122111f3db0abe9371137c5fc60d1076a26b8eb9bac33c2d9e591c978130cd7177e613e7592c9064a4c37e2

    • SSDEEP

      12288:Hom4BPWeSutq75gPoxntMRWru3Yo6T9XPb:Hl42gPoxntMQru3YLRD

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15