General
-
Target
https://xeno.best/Bootstrapper
-
Sample
241031-w2bs3ssenm
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://xeno.best/Bootstrapper
Resource
win11-20241007-en
Malware Config
Extracted
stealc
7140196255
http://83.217.209.11
-
url_path
/fd2453cf4b7dd4a4.php
Targets
-
-
Target
https://xeno.best/Bootstrapper
-
Stealc family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Authentication Process
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1