General

  • Target

    ProtowareBootstrapper.exe

  • Size

    1.2MB

  • Sample

    241104-b4trfs1app

  • MD5

    33dc8969e5aaca694f946e2d62cf0452

  • SHA1

    964a17adaf91b39d26cf41e4dbc4da25a1bd2c3a

  • SHA256

    52c2fc62daccc1804233d9fedc3c7e2ffb43b7656df6cdad5605424c5b697e7d

  • SHA512

    abc8324d6f01e742a915245dc8c5d2c86ed08b2b9d839267b6cb7a561fdcd3cc68d66a3a5de78181e85053f71bfda4dd27e38bd7222a1b3503a149ea422b98c7

  • SSDEEP

    24576:OLq49A5mvbuhZUTdeuUVk1BrboU4Dwptk5BkA+MEf:OLxSAb0QB6wgcn/f

Score
9/10

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
