7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Bootstrapper.exe

windows11-21h2-x64

9

Sharing

General

Target

Bootstrapper.exe
Size

796KB
Sample

240908-nf5j9svhkf
MD5

4b94b989b0fe7bec6311153b309dfe81
SHA1

bb50a4bb8a66f0105c5b74f32cd114c672010b22
SHA256

7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
SHA512

fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d
SSDEEP

12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd

Score

9^/10

discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bootstrapper.exe

Resource

win11-20240802-en

discovery evasion themida trojan

windows11-21h2-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  796KB
- MD5
  
  4b94b989b0fe7bec6311153b309dfe81
- SHA1
  
  bb50a4bb8a66f0105c5b74f32cd114c672010b22
- SHA256
  
  7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
- SHA512
  
  fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d
- SSDEEP
  
  12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd
Score

9^/10

discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.