Analysis Overview
Score: 10/10
SHA256: fc1ad8d1483f0b1c94b55be7b7587b86485022ca4e62e6fb0c06e392dfaeecd2
Threat Level: Known bad
The file C11Bootstrapper.zip was found to be: Known bad.
Malicious Activity Summary
Detect Umbral payload
Umbral family
Async RAT payload
Asyncrat family
Unsigned PE
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported: 2024-04-19 20:55
Signatures
Async RAT payload
Asyncrat family
Detect Umbral payload
Umbral family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-19 20:55
Reported: 2024-04-19 21:28
Platform: win11-20240412-en
Max time kernel: 1488s
Max time network: 1503s
Command Line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C11Bootstrapper\Start.bat"
Signatures
N/A
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\C11Bootstrapper\Start.bat"
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
N/A