General

  • Target

    Bootstrapper.exe

  • Size

    796KB

  • Sample

    240908-nf5j9svhkf

  • MD5

    4b94b989b0fe7bec6311153b309dfe81

  • SHA1

    bb50a4bb8a66f0105c5b74f32cd114c672010b22

  • SHA256

    7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659

  • SHA512

    fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

  • SSDEEP

    12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd

Malware Config

Targets

    • Target

      Bootstrapper.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Blocklisted process makes network request

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempts to gather information on the host's network and the shares reachable from it.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-debugging technique.

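The two evasion signatures above (VirtualBox identified via ACPI registry values, and BIOS information read from the registry) both come down to reading a handful of well-known HKLM keys and looking for hypervisor vendor strings. The Python below is an added example, not code from the sample or from the sandbox, that reproduces that check against two constructed registry snapshots and, when run on Windows, against the live registry through the standard winreg module. The key paths (HARDWARE\ACPI\{DSDT,FADT,RSDT} subkeys and HARDWARE\DESCRIPTION\System\BIOS values) are the usual targets of such checks; the VM_MARKERS list is a heuristic and the snapshots are made up for illustration, none of it is data recovered from this sample.

```python
"""Reproduce the registry-based VM/sandbox fingerprinting flagged in the report.

Added example: the snapshots below are constructed, not taken from the sample.
"""
import os

# HKLM subpaths that VM-detection code typically reads (assumed from the signatures).
ACPI_TABLE_PATHS = (
    r"HARDWARE\ACPI\DSDT",
    r"HARDWARE\ACPI\FADT",
    r"HARDWARE\ACPI\RSDT",
)
BIOS_PATH = r"HARDWARE\DESCRIPTION\System\BIOS"
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion")

# Heuristic vendor markers; a VirtualBox guest exposes "VBOX__" ACPI subkeys by default.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "xen", "virtual machine")

# Constructed snapshot of a VirtualBox guest: {path: {"subkeys": [...], "values": {...}}}
VBOX_GUEST = {
    r"HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"], "values": {}},
    r"HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"], "values": {}},
    r"HARDWARE\ACPI\RSDT": {"subkeys": ["VBOX__"], "values": {}},
    BIOS_PATH: {"subkeys": [], "values": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH",
        "BIOSVersion": "VirtualBox",
    }},
}

# Constructed snapshot of a physical laptop with OEM ACPI tables.
BARE_METAL = {
    r"HARDWARE\ACPI\DSDT": {"subkeys": ["LENOVO"], "values": {}},
    r"HARDWARE\ACPI\FADT": {"subkeys": ["LENOVO"], "values": {}},
    r"HARDWARE\ACPI\RSDT": {"subkeys": ["LENOVO"], "values": {}},
    BIOS_PATH: {"subkeys": [], "values": {
        "SystemManufacturer": "LENOVO",
        "SystemProductName": "ThinkPad",
        "BIOSVendor": "LENOVO",
        "BIOSVersion": "1.23",
    }},
}


def find_vm_indicators(snapshot):
    """Return the registry artefacts in `snapshot` that match a hypervisor marker."""
    findings = []
    # ACPI table OEM IDs appear as subkey names, e.g. HARDWARE\ACPI\DSDT\VBOX__.
    for path in ACPI_TABLE_PATHS:
        for sub in snapshot.get(path, {}).get("subkeys", []):
            if any(m in sub.lower() for m in VM_MARKERS):
                findings.append(f"{path}\\{sub}")
    # BIOS strings are plain REG_SZ values under the BIOS key.
    bios = snapshot.get(BIOS_PATH, {}).get("values", {})
    for name in BIOS_VALUES:
        val = str(bios.get(name, ""))
        if any(m in val.lower() for m in VM_MARKERS):
            findings.append(f"{BIOS_PATH}\\{name}={val}")
    return findings


def snapshot_from_winreg():
    """Build the same snapshot shape from the live registry (Windows only)."""
    import winreg  # only importable on Windows
    snap = {}
    for path in ACPI_TABLE_PATHS + (BIOS_PATH,):
        entry = {"subkeys": [], "values": {}}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                i = 0
                while True:  # EnumKey raises OSError once subkeys are exhausted
                    try:
                        entry["subkeys"].append(winreg.EnumKey(key, i))
                    except OSError:
                        break
                    i += 1
                for name in BIOS_VALUES:
                    try:
                        entry["values"][name] = winreg.QueryValueEx(key, name)[0]
                    except OSError:
                        pass  # value absent under ACPI table keys; that is expected
        except OSError:
            pass  # key absent on this system
        snap[path] = entry
    return snap


if __name__ == "__main__":
    for label, snap in (("constructed VirtualBox guest", VBOX_GUEST),
                        ("constructed bare metal", BARE_METAL)):
        print(label, "->", find_vm_indicators(snap))
    if os.name == "nt":
        print("this host ->", find_vm_indicators(snapshot_from_winreg()))
```

Run on a sandbox guest, the live-registry path shows exactly which strings a sample like this one would see; operators who rename the ACPI OEM IDs and BIOS strings in their VirtualBox configuration should get an empty list back.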
MITRE ATT&CK Enterprise v15

Tasks
