blankgrabber | 76241e732ed2a6943c203c765b3beb86f0657229103aa97bd91eaf6035247444 | Triage

Submit
Reports

Overview

overview

Static

static

Boostrapper.exe

windows7-x64

7

Boostrapper.exe

windows10-2004-x64

8

Sharing

General

Target

Boostrapper.exe
Size

40.7MB
Sample

240829-bf7cmswcje
MD5

7c6924eaa3c73a61a085db1878ea0685
SHA1

695c205f41850c54cecedc9416347f09aa5119bc
SHA256

76241e732ed2a6943c203c765b3beb86f0657229103aa97bd91eaf6035247444
SHA512

81155273c72a33ca837fa008fe2bf89326472d4f5f178751e205b1c419038012a19a4a8481e2123d26e7c8f15602658c02a30403e0dc4749890f0c72e41bbfa3
SSDEEP

786432:/f3Lut3K4ty2NK09HtmERUVEcuZ3AIjNwPvH9mPeFy/pWJS:nLuNR9MEiu2I5wPvcmGwS

Score

10^/10

blankgrabber collection discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Boostrapper.exe

Resource

win7-20240708-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Boostrapper.exe

Resource

win10v2004-20240802-en

collection discovery execution upx

windows10-2004-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Boostrapper.exe
- Size
  
  40.7MB
- MD5
  
  7c6924eaa3c73a61a085db1878ea0685
- SHA1
  
  695c205f41850c54cecedc9416347f09aa5119bc
- SHA256
  
  76241e732ed2a6943c203c765b3beb86f0657229103aa97bd91eaf6035247444
- SHA512
  
  81155273c72a33ca837fa008fe2bf89326472d4f5f178751e205b1c419038012a19a4a8481e2123d26e7c8f15602658c02a30403e0dc4749890f0c72e41bbfa3
- SSDEEP
  
  786432:/f3Lut3K4ty2NK09HtmERUVEcuZ3AIjNwPvH9mPeFy/pWJS:nLuNR9MEiu2I5wPvcmGwS
Score

8^/10

upx collection discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondiscoveryexecutionupx

© 2018-2024

Terms | Privacy