General
-
Target
Bootloader.exe
-
Size
8.5MB
-
Sample
240603-h7ha6ahb33
-
MD5
04bf7634630f3527ab5351ab84009ae5
-
SHA1
a5c9bacef688213ecfcf3e528eca269e29c68c16
-
SHA256
9145a2820d02861ab749bdb94dcbe432e3fdd414ec7d409b4e4317f744f08761
-
SHA512
b204be588adb57d7776bbc27f6a472d8bf827076caa8052fd994a394bc2419846bc0efed0198079bb5aa55dbc5d67150198cc4f652a3e362f84036ac9fd26262
-
SSDEEP
196608:1r0JT+sxfWVhiurErvI9pWjgU1DEzx7sKL/s1tUgWUHAkjUWlRH2WS:gXxfWVsurEUWjhEhn01trWUd92WS
Behavioral task
behavioral1
Sample
Bootloader.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
Bootloader.exe
-
Size
8.5MB
-
MD5
04bf7634630f3527ab5351ab84009ae5
-
SHA1
a5c9bacef688213ecfcf3e528eca269e29c68c16
-
SHA256
9145a2820d02861ab749bdb94dcbe432e3fdd414ec7d409b4e4317f744f08761
-
SHA512
b204be588adb57d7776bbc27f6a472d8bf827076caa8052fd994a394bc2419846bc0efed0198079bb5aa55dbc5d67150198cc4f652a3e362f84036ac9fd26262
-
SSDEEP
196608:1r0JT+sxfWVhiurErvI9pWjgU1DEzx7sKL/s1tUgWUHAkjUWlRH2WS:gXxfWVsurEUWjhEhn01trWUd92WS
-
Modifies visiblity of hidden/system files in Explorer
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1