blankgrabber | 5a4cbc93367751df1ac029344e512ce5a6fa3fe011b7126cebfaa2c745b01eca | Triage

Submit
Reports

Overview

overview

Static

static

Boostrapper-V3.exe

windows7-x64

7

Boostrapper-V3.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Boostrapper-V3.exe
Size

46.3MB
Sample

240814-qkkf1ayfqn
MD5

2a08574a95ab861f71843d3292099e34
SHA1

87963a8282060b99258570927c223633bd08b5d3
SHA256

5a4cbc93367751df1ac029344e512ce5a6fa3fe011b7126cebfaa2c745b01eca
SHA512

de01b5b8d5f9e2e32061d8e8bb32e8a4301d4f4d44e5fad40e569715be4dcdda4156585d908c7a505d5e4222755fe4ce85a52628f874abda003ffd9511ac6231
SSDEEP

786432:9ZT+aZaAj45d0zuKrjHL3y6lM7EsjyGnDyaK9dYK8F0FD77/pYMOalq9xy/pW6KM:z+lp2zZrn31mgepn+al277/G2lq9SHKM

Score

10^/10

blankgrabber collection defense_evasion discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Boostrapper-V3.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Boostrapper-V3.exe

Resource

win10v2004-20240802-en

collection defense_evasion discovery execution upx

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Boostrapper-V3.exe
- Size
  
  46.3MB
- MD5
  
  2a08574a95ab861f71843d3292099e34
- SHA1
  
  87963a8282060b99258570927c223633bd08b5d3
- SHA256
  
  5a4cbc93367751df1ac029344e512ce5a6fa3fe011b7126cebfaa2c745b01eca
- SHA512
  
  de01b5b8d5f9e2e32061d8e8bb32e8a4301d4f4d44e5fad40e569715be4dcdda4156585d908c7a505d5e4222755fe4ce85a52628f874abda003ffd9511ac6231
- SSDEEP
  
  786432:9ZT+aZaAj45d0zuKrjHL3y6lM7EsjyGnDyaK9dYK8F0FD77/pYMOalq9xy/pW6KM:z+lp2zZrn31mgepn+al277/G2lq9SHKM
Score

8^/10

upx collection defense_evasion discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondefense_evasiondiscoveryexecutionupx

© 2018-2025

Terms | Privacy