General

  • Target

    c8a7719e5f574a0c18566216551ae6e7bdae33f3

  • Size

    13.7MB

  • MD5

    548bdfcb86652c14659e019e9f838f42

  • SHA1

    c8a7719e5f574a0c18566216551ae6e7bdae33f3

  • SHA256

    4c1fc6a16f378978da7c35f36525a4397a983255020fb709d0ad8cbe3f1e38e5

  • SHA512

    cc9a2611d43be920d673764d89360adc530fef88b6ed773e9236241eb2f14cec751726680a07a88abeca852873252987114e14381c1645849141b55ba6bd28af

  • SSDEEP

    196608:/C7YJFaPZRe9KwX9MqDO+SSwsvAlNSzo47accS3/xm0m2nXvmdO/yguT5fR6Dma7:lg/wWqDOo0SklSm0xmdOduT5fkia8JY

Malware Config

Extracted

Family

privateloader

C2

http://163.123.143.4/proxies.txt

http://107.182.129.251/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

163.123.143.12

Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Signatures

  • Privateloader family
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

Files

  • c8a7719e5f574a0c18566216551ae6e7bdae33f3
    .zip
  • PL/6523.exe
    .exe windows:5 windows x86 arch:x86

    fe8e44e9bcf985b83aaf4b8d099548b9


    Headers

    Imports

    Sections

  • PL/Galaxy.exe
    .exe windows:10 windows x64 arch:x64

    4cea7ae85c87ddc7295d39ff9cda31d1


    Headers

    Imports

    Sections

  • PL/Service.exe
    .exe windows:6 windows x86 arch:x86

    9734ba8626408cec04bb8fa7d8bb6e83


    Headers

    Imports

    Sections

  • PL/Une1.exe
    .exe windows:10 windows x86 arch:x86

    646167cce332c1c252cdcb1839e0cf48


    Headers

    Imports

    Sections

  • PL/pb1115.exe
    .exe windows:6 windows x64 arch:x64

    f4f3033dc6d082dab79624f81575aceb


    Headers

    Imports

    Sections

  • PL/setup.exe
    .exe windows:5 windows x86 arch:x86

    fe8e44e9bcf985b83aaf4b8d099548b9


    Headers

    Imports

    Sections

  • PL/setup.exe_
    .exe windows:4 windows x86 arch:x86

    3786a4cf8bfee8b4821db03449141df4


    Headers

    Imports

    Sections

  • PL/setup331.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1


    Headers

    Imports

    Sections