47b5923fec8beeb4d0b55ca7ca7839e3bf83a9a804644f014e6bad1d441376c5 | Triage

Submit
Reports

Overview

overview

Static

static

9

Boostrappe...er.exe

windows10-2004-x64

Boostrapper/web.dll

windows10-2004-x64

1

Sharing

General

Target

TH9Y00qBjEP.zip
Size

8.4MB
Sample

240618-ha6x9a1dpf
MD5

4778edf8277a75c941c54527037c23d5
SHA1

b2e6df4f08e54cf480e7ee280a1eac1699132add
SHA256

47b5923fec8beeb4d0b55ca7ca7839e3bf83a9a804644f014e6bad1d441376c5
SHA512

51ab3cf2726250a02689078617c3ee884b314a844457b52b1d29089d8a22b8fb4ab700ec8f137579557686dcdec5ffc1ed6ff2eb27659d3c5f6192c18bb25515
SSDEEP

196608:hEA4HZIDeVdvkr/c83HdKBxQCNbh8bFOUkrA3FxLuHblfv10hr0E/WY6z4:hEAy3Vpqp39KX1XAZAAFx+h10hp/oM

Score

10^/10

cryptone discovery packer spyware stealer

Static task

static1

cryptone packer

2 signatures

Behavioral task

behavioral1

Sample

Boostrapper/SolaraBoostrapper.exe

Resource

win10v2004-20240611-en

discovery spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Boostrapper/web.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  Boostrapper/SolaraBoostrapper.exe
- Size
  
  250.0MB
- MD5
  
  6e566fd9a37ea60015f5b8fa5369192d
- SHA1
  
  16455b4d132b96e0bd1b3fbf3e2f3da5d773c0f3
- SHA256
  
  d3d9a157a4a6eebf4e736d9dd2839ca32e4eb1e9f2dc8731cea7d8ad3bbead5a
- SHA512
  
  9a6a1b5ecbd65bf7c3e8419078602a12c8ec8fdcbb9d2177a1f36bc047e4ab865ae087ce1955f2e25873bff0b05c730def9f2ff39842673dce9560a958bf0a0f
- SSDEEP
  
  24576:7gJwGZSjmG8Bom+HYCQjDPEi3n4T1Rz20n9m0p2:7gtZSyG2omzCebEw4pRi6m0p2
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  Boostrapper/web
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

© 2018-2024

Terms | Privacy