Hunting PrivateLoader: Pay-Per-Install Service | André Tavares
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | a8fdd9cc-2766-4a00-b720-54afa5e71bd3 |
| Fingerprint | 9ccff268e96bc657 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 6, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:53 p.m. |
| Headline | Hunting PrivateLoader: Pay-Per-Install Service |
| Title | Hunting PrivateLoader: Pay-Per-Install Service | André Tavares |
| Detected Hints/Tags/Attributes | 23/1/18 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 358 | pastebin.com |
|
| Details | Domain | 12 | wfsdragon.ru |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 4 | proxies.txt |
|
| Details | File | 15 | server.txt |
|
| Details | File | 9 | setstats.php |
|
| Details | File | 34 | winhttp.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 8 | statistics.php |
|
| Details | sha256 | 2 | aa2c0a9e34f9fa4cbf1780d757cc84f32a8bd005142012e91a6888167f80f4d5 |
|
| Details | IPv4 | 4 | 212.193.30.45 |
|
| Details | IPv4 | 2 | 45.144.225.57 |
|
| Details | IPv4 | 8 | 2.56.59.42 |
|
| Details | Url | 1 | http://212.193.30.45/proxies.txt |
|
| Details | Url | 2 | http://45.144.225.57/server.txt |
|
| Details | Url | 9 | http://wfsdragon.ru/api/setstats.php |