privateloader | d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5 | Triage

Submit
Reports

Overview

overview

Static

static

7

6ca26fbe13...46.exe

windows7-x64

6ca26fbe13...46.exe

windows10-2004-x64

Sharing

General

Target

0a95ad0535baeef34122bddd80f99bb62ee3ad26
Size

5.0MB
Sample

241107-jpbw4aycjb
MD5

c085dd87b5d18ee9c8ec38a2977440b5
SHA1

0a95ad0535baeef34122bddd80f99bb62ee3ad26
SHA256

d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5
SHA512

c398d6b66913123024ee5c96731e7b6e0e0f5f9a8f71c0efb352e410277e2d1d0e1e437b972f01801c71a698e6db9900d68d822ca20eac63c54932ca7fbcbdc1
SSDEEP

98304:OrgTFbeYp25aGhBrZXdAsjzAcu2tsnSDZc6K/jdZ/cAUdAEX9CrcGgDI1:nap7BrZN7w2un6/K//LEXEcxDI1

Score

10^/10

privateloader discovery evasion loader themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46.exe

Resource

win7-20240903-en

privateloader discovery evasion loader themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46.exe

Resource

win10v2004-20241007-en

privateloader discovery evasion loader themida trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

privateloader

C2

http://212.193.30.45/proxies.txt

http://85.202.169.116/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

85.202.169.116

Targets

- Target
  
  6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46
- Size
  
  5.1MB
- MD5
  
  bddbc9360dfb7c83b96437a0ca77aae1
- SHA1
  
  88c82298dd32e2826743caeca5b82acf6583eee7
- SHA256
  
  6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46
- SHA512
  
  2a066a7e0b38d1c755d67757e4fe67eb12fefcce4aca078ae5f3f554cfd60415a5676c82a0d9eb6de9eef9327cee8eb1038f45d730fa2314e561ea2120f21224
- SSDEEP
  
  98304:YNd6oQypwQq73QOB6+KPZtshYIyVGf+GBycKgeE7lXK:Yb6oQewQqbQO0+KPLsiVs+GVKjE7l6
Score

10^/10

privateloader discovery evasion loader themida trojan
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderdiscoveryevasionloaderthemidatrojan

behavioral2

privateloaderdiscoveryevasionloaderthemidatrojan

© 2018-2024

Terms | Privacy