ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Bootstrapper.exe

windows7-x64

1

Bootstrapper.exe

windows10-2004-x64

7

Resubmissions

12-10-2024 21:36

241012-1gcxvssepd 7

12-10-2024 21:35

241012-1fdsrswhnn 7

Sharing

General

Target

Bootstrapper.exe
Size

800KB
Sample

241012-1fdsrswhnn
MD5

2a4dcf20b82896be94eb538260c5fb93
SHA1

21f232c2fd8132f8677e53258562ad98b455e679
SHA256

ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a
SHA512

4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288
SSDEEP

12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz

Score

7^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bootstrapper.exe

Resource

win7-20241010-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bootstrapper.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  800KB
- MD5
  
  2a4dcf20b82896be94eb538260c5fb93
- SHA1
  
  21f232c2fd8132f8677e53258562ad98b455e679
- SHA256
  
  ebbcb489171abfcfce56554dbaeacd22a15838391cbc7c756db02995129def5a
- SHA512
  
  4f1164b2312fb94b7030d6eb6aa9f3502912ffa33505f156443570fc964bfd3bb21ded3cf84092054e07346d2dce83a0907ba33f4ba39ad3fe7a78e836efe288
- SSDEEP
  
  12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy