95486d06db5126eb557c563b5597e08b236634f75853a6491c485cb64cf28ae2 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Bootstrapper.exe

windows11-21h2-x64

9

Sharing

General

Target

Bootstrapper.exe
Size

793KB
Sample

240726-wq65vavgqp
MD5

d674b62b359b2ec81398348904f8bee9
SHA1

609d29c3d5503bc382ab55188e67e002eb8270a7
SHA256

95486d06db5126eb557c563b5597e08b236634f75853a6491c485cb64cf28ae2
SHA512

a4fe0e357e5c44ebdf87fa0273266d35ff181e4ee5c041708f44b09f5225f5841b8cb677eda903b2869fa4a86d0b39ff7b371949928bb0a1cc4cbb008f978cad
SSDEEP

12288:d63MnScwI8yPExQwa05tOocHFj6rftMH6n6rmP2vCSpm5r8d:MNcRPPEftOocHFj6JMHOdy

Score

9^/10

discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bootstrapper.exe

Resource

win11-20240709-en

discovery evasion themida trojan

windows11-21h2-x64

29 signatures

600 seconds

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  793KB
- MD5
  
  d674b62b359b2ec81398348904f8bee9
- SHA1
  
  609d29c3d5503bc382ab55188e67e002eb8270a7
- SHA256
  
  95486d06db5126eb557c563b5597e08b236634f75853a6491c485cb64cf28ae2
- SHA512
  
  a4fe0e357e5c44ebdf87fa0273266d35ff181e4ee5c041708f44b09f5225f5841b8cb677eda903b2869fa4a86d0b39ff7b371949928bb0a1cc4cbb008f978cad
- SSDEEP
  
  12288:d63MnScwI8yPExQwa05tOocHFj6rftMH6n6rmP2vCSpm5r8d:MNcRPPEftOocHFj6JMHOdy
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

© 2018-2024

Terms | Privacy