General
-
Target
Boostrapper.exe
-
Size
40.6MB
-
Sample
240824-3p5zqaxhkl
-
MD5
d777fc6149930afc4ba10323740d7a41
-
SHA1
f59e3454392c33247d8711df24038c4b2e6bc31f
-
SHA256
d0cbdcb8b64ac6fec53f1141b0dc2cb95a797973da88a9e5f5869e56ff00c98c
-
SHA512
44fc0f8bad392106504e749cb6b33fa716d58c9aa8364813c83b2137f777c698747ab2fefec14911f73a62c9681f3b32ef371374cfd2c2f3f0bc35dd9c34a972
-
SSDEEP
786432:ddBJEM9tbOO+k9H+7qmRb78RXkUkJvHKsxnaSgg20V9qy/pW6KV:dZEcYKe7PROXWJSsFaRyhHKV
Malware Config
Targets
-
-
Target
Boostrapper.exe
-
Size
40.6MB
-
MD5
d777fc6149930afc4ba10323740d7a41
-
SHA1
f59e3454392c33247d8711df24038c4b2e6bc31f
-
SHA256
d0cbdcb8b64ac6fec53f1141b0dc2cb95a797973da88a9e5f5869e56ff00c98c
-
SHA512
44fc0f8bad392106504e749cb6b33fa716d58c9aa8364813c83b2137f777c698747ab2fefec14911f73a62c9681f3b32ef371374cfd2c2f3f0bc35dd9c34a972
-
SSDEEP
786432:ddBJEM9tbOO+k9H+7qmRb78RXkUkJvHKsxnaSgg20V9qy/pW6KV:dZEcYKe7PROXWJSsFaRyhHKV
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
-
-
Target
��E�|�{.pyc
-
Size
1KB
-
MD5
b4452c0a616c0907c7cef4c79fd580c2
-
SHA1
aa89d959199abbf859bb78b64f194cdc51d01d81
-
SHA256
339c8fa213f725aae1b0a53cba96370bbd8e54258ac48d145662b15712035ae6
-
SHA512
d122df0f6ad7146d2c7f15f7b19a30501e76edc08531d875a3dae26b9a826a65dc72ef3a569a0fc9eb9ae08ebc675ad2fbaed3ccbb085e412eb1134f772bf0e1
Score1/10 -