General
-
Target
AppGate2103v0115.exe
-
Size
4.3MB
-
Sample
240627-3ma2kayejg
-
MD5
d25bee31c30313658d2e010c0fb5f66e
-
SHA1
003a49d195dd719b9af213fedcf9c39d8b6bf480
-
SHA256
d963acee9e469ee9b95e16ca8d4f77412663b6f92928d885cd35c82595bea7ef
-
SHA512
323bc94eb61a776c4a2a112d064bef17bd9874e3560040672288cd4447065dca4bc47bb346ebb13319bf999163704fc56beed345bd8c24dc487803f3a8db3dc7
-
SSDEEP
98304:dbFhmDz7Avv/xXkMfPikM5JofdF7r8tH9gAMhPQLv+Wu5Vm:dFAnE55fb46LSH9gAMBQTRM
Malware Config
Targets
-
-
Target
AppGate2103v0115.exe
-
Size
4.3MB
-
MD5
d25bee31c30313658d2e010c0fb5f66e
-
SHA1
003a49d195dd719b9af213fedcf9c39d8b6bf480
-
SHA256
d963acee9e469ee9b95e16ca8d4f77412663b6f92928d885cd35c82595bea7ef
-
SHA512
323bc94eb61a776c4a2a112d064bef17bd9874e3560040672288cd4447065dca4bc47bb346ebb13319bf999163704fc56beed345bd8c24dc487803f3a8db3dc7
-
SSDEEP
98304:dbFhmDz7Avv/xXkMfPikM5JofdF7r8tH9gAMhPQLv+Wu5Vm:dFAnE55fb46LSH9gAMBQTRM
Score10/10-
Modifies firewall policy service
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-