e12b35bb96f789fe856cae00c7cf465bf355c8315878e502527262fff3e74fcf | Triage

Submit
Reports

Overview

overview

8

Static

static

3

reboot_lau...up.exe

windows7-x64

reboot_lau...up.exe

windows10-2004-x64

8

Sharing

General

Target

reboot_launcher-9.2.7+9.2.7-windows-setup.exe
Size

69.5MB
Sample

241005-pkq34sshkm
MD5

bfecd3cd092a3224723e48b147767880
SHA1

5a7ace5dc9ee44d5916b1b679ee2f4cc6584007e
SHA256

e12b35bb96f789fe856cae00c7cf465bf355c8315878e502527262fff3e74fcf
SHA512

179fa2f0ad6540d511fcbb5aab86dde8c32c5d2c3f3dda0ae71a9443dcc478e7ebfc11089305ff4924f272d600979422d657c2e19069cb792e76e392c5bd4e95
SSDEEP

1572864:ALlXQv2+gRYYxOP+bobZwWbqH59R0V4AwDBEZX61JJU9+H9Ip+KaV4e63:YXO2+gw+b4+WCRpk5CJJU9+dIGV4e63

Score

8^/10

discovery execution persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

reboot_launcher-9.2.7+9.2.7-windows-setup.exe

Resource

win7-20240903-en

discovery execution persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

reboot_launcher-9.2.7+9.2.7-windows-setup.exe

Resource

win10v2004-20240802-en

discovery execution

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  reboot_launcher-9.2.7+9.2.7-windows-setup.exe
- Size
  
  69.5MB
- MD5
  
  bfecd3cd092a3224723e48b147767880
- SHA1
  
  5a7ace5dc9ee44d5916b1b679ee2f4cc6584007e
- SHA256
  
  e12b35bb96f789fe856cae00c7cf465bf355c8315878e502527262fff3e74fcf
- SHA512
  
  179fa2f0ad6540d511fcbb5aab86dde8c32c5d2c3f3dda0ae71a9443dcc478e7ebfc11089305ff4924f272d600979422d657c2e19069cb792e76e392c5bd4e95
- SSDEEP
  
  1572864:ALlXQv2+gRYYxOP+bobZwWbqH59R0V4AwDBEZX61JJU9+H9Ip+KaV4e63:YXO2+gw+b4+WCRpk5CJJU9+dIGV4e63
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy