General
- Target: Bootstrapper.exe
- Size: 793KB
- Sample: 240726-wq65vavgqp
- MD5: d674b62b359b2ec81398348904f8bee9
- SHA1: 609d29c3d5503bc382ab55188e67e002eb8270a7
- SHA256: 95486d06db5126eb557c563b5597e08b236634f75853a6491c485cb64cf28ae2
- SHA512: a4fe0e357e5c44ebdf87fa0273266d35ff181e4ee5c041708f44b09f5225f5841b8cb677eda903b2869fa4a86d0b39ff7b371949928bb0a1cc4cbb008f978cad
- SSDEEP: 12288:d63MnScwI8yPExQwa05tOocHFj6rftMH6n6rmP2vCSpm5r8d:MNcRPPEftOocHFj6JMHOdy
Static task: static1

Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Discovery (technique: number of matching signatures)
- Browser Information Discovery: 1
- Network Share Discovery: 1
- Peripheral Device Discovery: 2
- Query Registry: 5
- System Information Discovery: 6
- System Location Discovery: 1
- System Language Discovery: 1
- System Network Configuration Discovery: 1
- Internet Connection Discovery: 1
- Virtualization/Sandbox Evasion: 1