6cd56a24ad78edb236a535ccb3bae21a97524c608e7cca87f65177868f72a11a | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Bootstrapper.exe

windows11-21h2-x64

7

Sharing

General

Target

Bootstrapper.exe
Size

34.6MB
Sample

240810-l3zlesyfrb
MD5

df0ab2d4902ef9656390bec48521185c
SHA1

e4dff6c1ec8963596632ac4a980b665b15edcdee
SHA256

6cd56a24ad78edb236a535ccb3bae21a97524c608e7cca87f65177868f72a11a
SHA512

8c2cc016b1057f3980063c940a009e785603164de0022b75ed1da26dbab6c26abe59f4e347500de826b0a75e2e58c05892cf2b9993690947a5f66eac2abe0ad0
SSDEEP

786432:69AOQNq7vDUdbSKvIACT6ESWqEjMT7/I3TyPxG:sAOQw7v4dhvIxlq1wiE

Score

7^/10

discovery persistence privilege_escalation spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

Bootstrapper.exe

Resource

win11-20240802-en

discovery persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  34.6MB
- MD5
  
  df0ab2d4902ef9656390bec48521185c
- SHA1
  
  e4dff6c1ec8963596632ac4a980b665b15edcdee
- SHA256
  
  6cd56a24ad78edb236a535ccb3bae21a97524c608e7cca87f65177868f72a11a
- SHA512
  
  8c2cc016b1057f3980063c940a009e785603164de0022b75ed1da26dbab6c26abe59f4e347500de826b0a75e2e58c05892cf2b9993690947a5f66eac2abe0ad0
- SSDEEP
  
  786432:69AOQNq7vDUdbSKvIACT6ESWqEjMT7/I3TyPxG:sAOQw7v4dhvIxlq1wiE
Score

7^/10

discovery persistence privilege_escalation spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalationspywarestealerupx

© 2018-2025

Terms | Privacy