163c5a7bdc1038959e103011dcf454bc009c5b0c0ad3cac60bbb4f2a4a19444f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

BootstrapperV1.21.exe

windows7-x64

1

BootstrapperV1.21.exe

windows10-2004-x64

8

BootstrapperV1.21.exe

debian-9-mipsel

BootstrapperV1.21.exe

ubuntu-20.04-amd64

Sharing

General

Target

BootstrapperV1.21.exe
Size

797KB
Sample

241005-yz99za1fjl
MD5

c5dfc6db9d57d21fc1fd18afff38cab0
SHA1

2c0ad08b90c699539702899db5860c1e1e1a8d80
SHA256

163c5a7bdc1038959e103011dcf454bc009c5b0c0ad3cac60bbb4f2a4a19444f
SHA512

0369f636cc83d5841549a06ed1ca06b74859a26ef7ebc35ed9f26c281682e10804fcdaf3dfc47049b4aea01694cc11014d2e2c6435b0abc757a5472c548dd68e
SSDEEP

12288:igEx9nCvJ4f05oOGoGH/j0MNVcfzJXcBPXBNr8L:ZY9CvzoVoGH/j0ucrJXO

Score

8^/10

discovery linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BootstrapperV1.21.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

BootstrapperV1.21.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

24 signatures

150 seconds

Behavioral task

behavioral3

Sample

BootstrapperV1.21.exe

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

BootstrapperV1.21.exe

Resource

ubuntu2004-amd64-20240729-en

ubuntu-20.04-amd64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  BootstrapperV1.21.exe
- Size
  
  797KB
- MD5
  
  c5dfc6db9d57d21fc1fd18afff38cab0
- SHA1
  
  2c0ad08b90c699539702899db5860c1e1e1a8d80
- SHA256
  
  163c5a7bdc1038959e103011dcf454bc009c5b0c0ad3cac60bbb4f2a4a19444f
- SHA512
  
  0369f636cc83d5841549a06ed1ca06b74859a26ef7ebc35ed9f26c281682e10804fcdaf3dfc47049b4aea01694cc11014d2e2c6435b0abc757a5472c548dd68e
- SSDEEP
  
  12288:igEx9nCvJ4f05oOGoGH/j0MNVcfzJXcBPXBNr8L:ZY9CvzoVoGH/j0ucrJXO
Score

8^/10

discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy