privateloader

General

Target

PSC zip.zip
Size

4.2MB
Sample

240701-q9g26svgje
MD5

f14baa61b53e5e32e005e15eb3d04024
SHA1

a4921e6825a9c4c4e4caa87b2fe122d0dab20354
SHA256

e8f2fc4f6b4c41758f739dde626c08d6f6a0a41ce031027a1807bfecd46b9e9e
SHA512

3385c133b2d46fb76ea5d849a082a1f9f12d1b80381c456cca39cd3d4adeea88bbec92d6d45c748df1fe51f8e8a32408e31bc4629196103d7109160ea3cb0b44
SSDEEP

98304:js2pwrEebmSfkeuXNym5AwNgXo7d5fxSltEOaJFroTBM:jsCwrEeNfkrXVR7dYetl

Score

10^/10

Malware Config

Targets

- Target
  
  PSC zip.zip
- Size
  
  4.2MB
- MD5
  
  f14baa61b53e5e32e005e15eb3d04024
- SHA1
  
  a4921e6825a9c4c4e4caa87b2fe122d0dab20354
- SHA256
  
  e8f2fc4f6b4c41758f739dde626c08d6f6a0a41ce031027a1807bfecd46b9e9e
- SHA512
  
  3385c133b2d46fb76ea5d849a082a1f9f12d1b80381c456cca39cd3d4adeea88bbec92d6d45c748df1fe51f8e8a32408e31bc4629196103d7109160ea3cb0b44
- SSDEEP
  
  98304:js2pwrEebmSfkeuXNym5AwNgXo7d5fxSltEOaJFroTBM:jsCwrEeNfkrXVR7dYetl
Score

1^/10
behavioral1
- Target
  
  password.jpg
- Size
  
  6KB
- MD5
  
  47b0b349be5f43966c8210792ce21750
- SHA1
  
  383ef6ce286dda46f4f975fbdaf7b54c6bcc1055
- SHA256
  
  8e54733a3699e8436884e08e183b55fff8929096102c0845492bd995233270d5
- SHA512
  
  37badccd72d29f83fc909b563e9982ed666dbf13899d93303bafdaf3e1c7683311750a18d722efa9dfda1f3e1017a98ef779bb232d9ba3664e03d1cdcbe8f9d8
- SSDEEP
  
  96:7rtj2ENdFuYNRbBen408HEtlnqC8/VGowXSqds1jyFwh/FA8bRJ/6jq:VjN6YN5BzHEtURVGoeds1WFwhdXRJL
Score

3^/10
behavioral2
- Target
  
  safe-archive.zip
- Size
  
  4.2MB
- MD5
  
  0c63fcd8418fe3f7e775dc1a24865298
- SHA1
  
  14ba11e7ffeaee072e4932e7e25a9396073f83e7
- SHA256
  
  3b45d57484709d78739336fefe0e260adbe08d522bcdceb3bd9d3b950e00b08a
- SHA512
  
  24da35fb6b87df4f6c1dec0129376a4800fddd2a8895ce8ae6de74b28fa73c9dd733904b4f8662d7c7e694e62ea2e037a57e0d7edfcf70111fa310acdf730c56
- SSDEEP
  
  98304:ws2pwrEebmSfkeuXNym5AwNgXo7d5fxSltEOaJFroTBh:wsCwrEeNfkrXVR7dYety
Score

1^/10
behavioral3
- Target
  
  hash.bin
- Size
  
  260KB
- MD5
  
  c5b10adb327a5ea5a73a9c962b7129e8
- SHA1
  
  10ed2ecd3bb8ecabda8987027abd908e18d43bae
- SHA256
  
  c323ae4fee03d8edaef8bd953a94697b2c5985c03ab63b88a1decfc0307fc600
- SHA512
  
  7502c2cb50226dddfa19867db8f349278a07a22b358594db5633410d2cc6e2630171eb66098f9a538fc3215b43e68813db02ba81786424998cfed74dea6be074
- SSDEEP
  
  6144:ZqFlXk+RbVxjOEYnFf7yjDyUfsGLTy6rfQpvy+ewlpI8MqaQ:oFlX1b/jOEkFf7yxnz0p728JX
Score

3^/10
behavioral4
- Target
  
  setup.exe
- Size
  
  792.0MB
- MD5
  
  d99235956d2438017dce77cbf6cb1176
- SHA1
  
  4121d8636b556b9da48081b2d818f3dcde3ac9a4
- SHA256
  
  74134cd0030b7681d9f753f8ecf68bf14937ba0261522bf05e5bef564cd8b8b0
- SHA512
  
  f090c7d82daf9f3ae9582e1d40f22272cb7e8911eae20c312704c7b814005816c8a78960b0ec21d376443db3c49c9d012052aa1f5692167b514fcf3211841351
- SSDEEP
  
  98304:rOuBF3zj5prjsd8VNCofaoUhXo8uG9pmSgQ7gCbHRd3bcEo:qunj5prvX8uGxgQZLcEo
Score

10^/10

privateloader evasion loader persistence privilege_escalation
- Modifies firewall policy service
  evasion
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

Event Triggered Execution: Component Object Model Hijacking

Modifies system executable filetype association

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5