Resubmissions

27/07/2024, 09:38

240727-lmftda1dqp 9

27/07/2024, 09:36

240727-lldmmatgja 8

27/07/2024, 09:32

240727-lht57s1amk 8

General

  • Target

    Bootstrapper.exe

  • Size

    795KB

  • Sample

    240727-lldmmatgja

  • MD5

    bbaacdd26fbe0c94fc75efdbeac101c3

  • SHA1

    e35505a71aa33aa9e4a1445df82c5b4b18d83ba9

  • SHA256

    b16d670044caec87b211d4ae6762d5b5bd14c8d09e6ff742f8ddde6f3ec0b2cf

  • SHA512

    db9e419fd0a507e347349c78b515c73af01eefe864a3e05507b117988dfe0f4c1b0398d8e2ce326a664c566fadecee0a4f7efdcf4acd6cec10d26ec243725950

  • SSDEEP

    12288:NInH76ZVKNIkQQEWkoRQljl/NpeaotLKmzO:unb6ZVKIWkoRQljl/NpeaotLKm

Score
8/10

Malware Config

Targets

    • Target

      Bootstrapper.exe

    • Size

      795KB

    • MD5

      bbaacdd26fbe0c94fc75efdbeac101c3

    • SHA1

      e35505a71aa33aa9e4a1445df82c5b4b18d83ba9

    • SHA256

      b16d670044caec87b211d4ae6762d5b5bd14c8d09e6ff742f8ddde6f3ec0b2cf

    • SHA512

      db9e419fd0a507e347349c78b515c73af01eefe864a3e05507b117988dfe0f4c1b0398d8e2ce326a664c566fadecee0a4f7efdcf4acd6cec10d26ec243725950

    • SSDEEP

      12288:NInH76ZVKNIkQQEWkoRQljl/NpeaotLKmzO:unb6ZVKIWkoRQljl/NpeaotLKm

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks