General

  • Target

    Bootstrapper.exe

  • Size

    55KB

  • Sample

    231204-2f14qsgb85

  • MD5

    f83cad71e17f33f9982f7d6abad5a00c

  • SHA1

    f97a63401711f760ff3a16c53f044580e69686b5

  • SHA256

    ba40f680d70bb6d8e9687c773586f01dd8c21a55e8a50f1c84dcbb0281aa0334

  • SHA512

    3294c99d2d441e41fa6c0cc213bfa572638b2908dd5de65b87b41d9acecc1eb9c6b8f4ddc4f8c1a439c1f86ae8f9bfbf291057504b2cf82bf996083e66020dda

  • SSDEEP

    768:06AJcT9GzAs3p87Q63q74/tn8exlzuPaRELMWbqkNA6LLiUfCZanIt:Scsu8kz8hrPbqZ1t

Score
8/10

Malware Config

Targets

    • Target

      Bootstrapper.exe

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks