7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

BootstrapperV1.17.exe

windows11-21h2-x64

9

Resubmissions

01-09-2024 18:01

240901-wmcrtsxfjj 7

01-09-2024 17:47

240901-wc2yzaxhpa 9

Sharing

General

Target

BootstrapperV1.17.exe
Size

796KB
Sample

240901-wc2yzaxhpa
MD5

4b94b989b0fe7bec6311153b309dfe81
SHA1

bb50a4bb8a66f0105c5b74f32cd114c672010b22
SHA256

7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
SHA512

fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d
SSDEEP

12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd

Score

9^/10

defense_evasion discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BootstrapperV1.17.exe

Resource

win11-20240802-en

defense_evasion discovery evasion themida trojan

windows11-21h2-x64

33 signatures

600 seconds

Malware Config

Targets

- Target
  
  BootstrapperV1.17.exe
- Size
  
  796KB
- MD5
  
  4b94b989b0fe7bec6311153b309dfe81
- SHA1
  
  bb50a4bb8a66f0105c5b74f32cd114c672010b22
- SHA256
  
  7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
- SHA512
  
  fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d
- SSDEEP
  
  12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd
Score

9^/10

defense_evasion discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy