c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06 | Triage

Submit
Reports

Overview

overview

Static

static

3

BootstrapperV1.15.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

BootstrapperV1.15.exe
Size

796KB
Sample

240808-t625qawdkp
MD5

653c07b9b5f1b22c84f72c03b0083d18
SHA1

54c25b876736011d016dc0ea06a1533365555cc4
SHA256

c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06
SHA512

b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8
SSDEEP

12288:wuHbakEAdS7SdsgtNaFoGQ4jEr+xpS1nmkFmZ2ojKU:/HbTHSINooGQ4jESxpS1nmkkK

Score

10^/10

defense_evasion discovery evasion persistence ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BootstrapperV1.15.exe

Resource

win11-20240802-en

defense_evasion discovery evasion persistence ransomware trojan

windows11-21h2-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  BootstrapperV1.15.exe
- Size
  
  796KB
- MD5
  
  653c07b9b5f1b22c84f72c03b0083d18
- SHA1
  
  54c25b876736011d016dc0ea06a1533365555cc4
- SHA256
  
  c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06
- SHA512
  
  b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8
- SSDEEP
  
  12288:wuHbakEAdS7SdsgtNaFoGQ4jEr+xpS1nmkFmZ2ojKU:/HbTHSINooGQ4jESxpS1nmkkK
Score

10^/10

defense_evasion discovery evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables RegEdit via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy