The fifth bi-weekly challenge is now ready! This one is a two-part challenge, focusing on a pay-per-install loader you may have heard of, one that has been seen distributing SmokeLoader, GCleaner, Danabot, Dridex, and many more malware families: PrivateLoader!

For the first part of the challenge, you’ll need to identify how the strings are stored, and decrypt them, which should help you identify how and where the C2 is stored. In order to complete the second part of the challenge, you’ll need to reverse engineer the network protocol used by PrivateLoader, identifying any encryption algorithms in use, as well as what is eventually retrieved by the loader from the C2 server.

You can grab the sample from here: https://bazaar.abuse.ch/sample/d75a7ee1a791ac1260fa1e83e6cd066dcf1446f2d52b136d226b8de8c284cd06/

Good luck!