privateloader | 422eb7c3dc87faab3946dbdb16f243b6442ee94b2cdd9457a3ae76ed3ff64465

General

Target

422eb7c3dc87faab3946dbdb16f243b6442ee94b2cdd9457a3ae76ed3ff64465
Size

193KB
Sample

241104-qx9lnasrgj
MD5

0b5470c62a7450f4630c3c9db2647d8f
SHA1

a96bd71b9bbee901c8a0da796af359ff6a3651fe
SHA256

422eb7c3dc87faab3946dbdb16f243b6442ee94b2cdd9457a3ae76ed3ff64465
SHA512

45ad0a7461e9719f976c2f0958bb58445aa0f4f82c9328fb677c7d3ff2dd7592c3f7f8453f1c1333e88d981494ec0f2c535b4569b1ad2110198a36b103980b1f
SSDEEP

3072:kG9TLeya0Viw5aY2XgGezjtGcPGyqlV7Ja6llFXkuPsbIphlgdU4OXDKci61:Tla0MSLDtGcyj7JVlFhPsb4hlguXW61

Score

10^/10

Malware Config

Extracted

Family

privateloader

C2

http://45.133.1.182/proxies.txt

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

Targets

- Target
  
  Setup.bin
- Size
  
  425KB
- MD5
  
  8cfbcaa1997655b3d952957f9311642e
- SHA1
  
  ef0e4cf3845c23a19415095870a0fb3eff6c5f39
- SHA256
  
  e449366d90df613d6d968f16d0d7d8f471e38d66bbf669656380adbce1d5f8d9
- SHA512
  
  b420d163d661b106eaee254aacab16210c0a7fd53122111f3db0abe9371137c5fc60d1076a26b8eb9bac33c2d9e591c978130cd7177e613e7592c9064a4c37e2
- SSDEEP
  
  12288:Hom4BPWeSutq75gPoxntMRWru3Yo6T9XPb:Hl42gPoxntMQru3YLRD
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2