privateloader | ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1 | Triage

Sharing

General

Target

ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1
Size

366KB
Sample

241105-b9w4rsvjep
MD5

2257f5e03a3458fc694791b84647bd97
SHA1

08d21f2c8efc2897ee427003b24f347fc1c3f92a
SHA256

ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1
SHA512

e430a2bd62e9b40b3db13384c251e34016e8682c1908624779f0fc8144b3e907b7aec8a948865a5abb170a89a67f810c5b7454ac3e876d2ab141c009c8913bf7
SSDEEP

6144:Mfg11TFSnoc7tzrOIrgqKp9VjMd7vZL02dIHqEnuO6Hwf9J6DCFaN1m392tpmnsg:bPTInoc7tzrOIrgljcz1ELAwH1aNC2hg

Score

10^/10

privateloader discovery evasion trojan

Malware Config

Targets

- Target
  
  adb98685d3d6a8fa5e90b6fd9d458601d874718d5815f8aab66728ba9d067440
- Size
  
  773KB
- MD5
  
  987d0f92ed9871031e0061e16e7bbac4
- SHA1
  
  b69f3badc82b6da0ff311f9dc509bac244464332
- SHA256
  
  adb98685d3d6a8fa5e90b6fd9d458601d874718d5815f8aab66728ba9d067440
- SHA512
  
  f4ecf0bd996fd9aab99eba225bed9dbe2af3f8857a32bc9f0eda2c2fe8b468f5f853e68e96c029cf4cfd161409e072777db92a7502b58b541e0057b449f79770
- SSDEEP
  
  24576:guuhBzW6ZEaA9WipcnEsbsX0GMeVTwLWKEq:1gzJG6EVT+Wlq
Score

10^/10

discovery evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

discoveryevasiontrojan