General
-
Target
https://cdn.discordapp.com/attachments/1275262020853301333/1276270841545494630/Boostrapper.exe?ex=66c8eb58&is=66c799d8&hm=4a22b61fd0112ba99ef6b2feac1dcdc5fc35b7d4a20149cda265e90bface611c&
-
Sample
240823-ftr74aygqk
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1275262020853301333/1276270841545494630/Boostrapper.exe?ex=66c8eb58&is=66c799d8&hm=4a22b61fd0112ba99ef6b2feac1dcdc5fc35b7d4a20149cda265e90bface611c&
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-