General
-
Target
Bootstrapper.exe
-
Size
796KB
-
Sample
240810-3qqanaydmh
-
MD5
b75a8d6732141aafe1e47bda7405d710
-
SHA1
f4ef3bf2e980583c0d46e8ba17b8916d6a45c642
-
SHA256
12b47fe6997b6f91e3ebf8ecb94ccaf893de4f9784b4d79ba9996fb0ae43417c
-
SHA512
0dd4910b8964f2a08a43cab6238eeef3b0123952f3e00e138217fe9426f607a7177b1f5de2c3332b723bfc4bd1dc2970f6e5582883699ef8877d8e5ed9231b3e
-
SSDEEP
12288:EpdnCT28YS8yAsggrctoaQDj+QcuWEPdC64ALLb9Z6:EpdnCapSlrKoaQDj+nubPdC64ALX
Malware Config
Targets
-
-
Target
Bootstrapper.exe
-
Size
796KB
-
MD5
b75a8d6732141aafe1e47bda7405d710
-
SHA1
f4ef3bf2e980583c0d46e8ba17b8916d6a45c642
-
SHA256
12b47fe6997b6f91e3ebf8ecb94ccaf893de4f9784b4d79ba9996fb0ae43417c
-
SHA512
0dd4910b8964f2a08a43cab6238eeef3b0123952f3e00e138217fe9426f607a7177b1f5de2c3332b723bfc4bd1dc2970f6e5582883699ef8877d8e5ed9231b3e
-
SSDEEP
12288:EpdnCT28YS8yAsggrctoaQDj+QcuWEPdC64ALLb9Z6:EpdnCapSlrKoaQDj+nubPdC64ALX
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1