privateloader | 56167ce2a246b4292b496fc8cc5829d2f182ab363c645b89678e73e8210aa37c | Triage

Sharing

General

Target

56167ce2a246b4292b496fc8cc5829d2f182ab363c645b89678e73e8210aa37c
Size

149KB
Sample

241111-emgmcasgmc
MD5

9fc1019ff33c61d53d8489b795e47dfe
SHA1

df2cfe705ada080e744e8cb674be3bb9dc85fcf8
SHA256

56167ce2a246b4292b496fc8cc5829d2f182ab363c645b89678e73e8210aa37c
SHA512

c213ea6ab8871c4adb71151788c02bbf16c7b9e5e5cfbf826a9ba70eef9f1d25975b4d73fa0036f5177de3bf674d7a8c036571e568d851e9b1f5e18e0f1f8104
SSDEEP

3072:2beiGzqFFZ4VUayv/Ze6F06XL9GxRogdpEt66pufCVCrUJMBEnQeQ:tiGqFFZ4VUpHY6VpGx7KtP9uUaB0QeQ

Score

10^/10

privateloader discovery loader

Malware Config

Extracted

Family

privateloader

C2

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

Targets

- Target
  
  Setup.bin
- Size
  
  403KB
- MD5
  
  d1b2c8ddca2f8dd02e2c132153055084
- SHA1
  
  21c011ac7406eef048c175f5887e4eb885c050d6
- SHA256
  
  506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3
- SHA512
  
  ab73df911df41235159341cc8fefed284a3f9720f241b51dfe2db2ac415b3438d5fbbeacfa980a61d402edc64afeda87447ccda49b7d279fba524036e9287594
- SSDEEP
  
  6144:CbUYPg/USg7WFugabIv1pE0EAPMrGWsWDWidF0HQszCZ2Ftppb9Y81+k7pq7FLfj:CgYI/7FugagS2zO
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

loaderprivateloader

behavioral1

behavioral2