General

  • Target

    SloroBootStrapper.exe

  • Size

    77.7MB

  • Sample

    240802-ztg7nszemn

  • MD5

    752d5d7c08107083008236bf79d4c9ed

  • SHA1

    f9512686b210b458e0fe9d1f4cf844366100a4e9

  • SHA256

    5157b934e9ac0f02f4c7b86639ac46556b12c710fbcb27dfab530aff8c4fd8e1

  • SHA512

    97530f967fe9c0fb3df0f25439e7093d8fd7cf211c7b96a0fc1549beed8578f75e5919dfd066d701dec4a76ccaff275f0de1c4d9ebdac520b567e6b145f68477

  • SSDEEP

    1572864:2vHcRlqph7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4xTom227CXqK:2vHcRIhTSkB05awqfhdCpukdR+s7Ca

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks