privateloader | 011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

JaffaCakes...4d.exe

windows7-x64

JaffaCakes...4d.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d
Size

657.0MB
Sample

241229-mekm2ayrcp
MD5

1c066eeb570a13e903521d6089b2ae23
SHA1

4793865493aa7be0eb7fbfc7f8d0dd9d8433f4dd
SHA256

011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d
SHA512

35bfc85d03a09ed59a1506b86c1f60e5d554a49d0bdfbff3ae325853c7debf53e130225fa14db00069545cffe3001721c268317a6c5ddf00abb248cdecc6dcc2
SSDEEP

98304:jSLuk76B0Ml8QpvUe8TEVJ1/+3ZGEYYEmVcYKfUqC86pM:jSLuay6QpMe8A23Z7PVcsqx6p

Score

10^/10

privateloader loader vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d.exe

Resource

win7-20241010-en

privateloader loader vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d.exe

Resource

win10v2004-20241007-en

privateloader loader vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d
- Size
  
  657.0MB
- MD5
  
  1c066eeb570a13e903521d6089b2ae23
- SHA1
  
  4793865493aa7be0eb7fbfc7f8d0dd9d8433f4dd
- SHA256
  
  011e18ab0139035119a50b38b3a4247cd18a4f3611f6ca62252186079075504d
- SHA512
  
  35bfc85d03a09ed59a1506b86c1f60e5d554a49d0bdfbff3ae325853c7debf53e130225fa14db00069545cffe3001721c268317a6c5ddf00abb248cdecc6dcc2
- SSDEEP
  
  98304:jSLuk76B0Ml8QpvUe8TEVJ1/+3ZGEYYEmVcYKfUqC86pM:jSLuay6QpMe8A23Z7PVcsqx6p
Score

10^/10

privateloader loader vmprotect
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

privateloaderloadervmprotect

behavioral2

privateloaderloadervmprotect

© 2018-2025

Terms | Privacy