General
-
Target
bootstrapper.exe.exe
-
Size
17.9MB
-
Sample
241110-k7qzeateqn
-
MD5
f902dfdfe5f6040f49412463bbc2416b
-
SHA1
72936f5f96b11c6c49ec63957a07acc0335411d9
-
SHA256
119374ee1a2d83dc540cd80e0919ff8771589f54edec8f44ab40b1a1de093d1e
-
SHA512
15a79777476dedf52f31f3cc6220ebb5708373cbd788bfd238fe90045a1d083d9bd3a29c203297382f2860cb3089b9663cb19a49b6dc514d00e76294d77357c9
-
SSDEEP
393216:9qPnLFXlrzQMDOETgsvfGKngKubAvEvwQU4vwmoTqo:EPLFXNzQREXhutvT/vwQo
Malware Config
Targets
-
-
Target
bootstrapper.exe.exe
-
Size
17.9MB
-
MD5
f902dfdfe5f6040f49412463bbc2416b
-
SHA1
72936f5f96b11c6c49ec63957a07acc0335411d9
-
SHA256
119374ee1a2d83dc540cd80e0919ff8771589f54edec8f44ab40b1a1de093d1e
-
SHA512
15a79777476dedf52f31f3cc6220ebb5708373cbd788bfd238fe90045a1d083d9bd3a29c203297382f2860cb3089b9663cb19a49b6dc514d00e76294d77357c9
-
SSDEEP
393216:9qPnLFXlrzQMDOETgsvfGKngKubAvEvwQU4vwmoTqo:EPLFXNzQREXhutvT/vwQo
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1