General
Target: ProtowareBootstrapper.exe
Size: 1.2MB
Sample: 241104-b4trfs1app
MD5: 33dc8969e5aaca694f946e2d62cf0452
SHA1: 964a17adaf91b39d26cf41e4dbc4da25a1bd2c3a
SHA256: 52c2fc62daccc1804233d9fedc3c7e2ffb43b7656df6cdad5605424c5b697e7d
SHA512: abc8324d6f01e742a915245dc8c5d2c86ed08b2b9d839267b6cb7a561fdcd3cc68d66a3a5de78181e85053f71bfda4dd27e38bd7222a1b3503a149ea422b98c7
SSDEEP: 24576:OLq49A5mvbuhZUTdeuUVk1BrboU4Dwptk5BkA+MEf:OLxSAb0QB6wgcn/f
Static task: static1
Behavioral task: behavioral1
Sample: ProtowareBootstrapper.exe
Resource: win7-20240708-en
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Suspicious use of NtSetInformationThreadHideFromDebugger