General
-
Target
Bootstrapper.exe
-
Size
23.3MB
-
Sample
241114-cr5hvswqek
-
MD5
e07b5bf0804b2ffc61783f4ec36f7adb
-
SHA1
dcf2cfb58bc36309307a5c60062b3da52ade2d0a
-
SHA256
0d640ed3daf513816f6f75b29bd07500206b03594ab9497fb941cfb051ef797b
-
SHA512
ac0b957f0f2807967027565d5dc7851e3383affc814c17c1a5889c70c93a0295421ec5af81c15298aed93ed3349c7d4be915f146fdf3a6c53aeb1b339973101e
-
SSDEEP
393216:hzv5/IiNlq1TTsWO5OGKdq4Nw5wqr1PF7V7Hfk7Vupj+RFgnj4gFuIdYWg3Gy5Be:1B/IizAsWO5Mc4Nm5PFRc7Qign0SwpGr
Static task
static1
Behavioral task
behavioral1
Sample
Bootstrapper.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
Bootstrapper.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Bootstrapper.exe
-
Size
23.3MB
-
MD5
e07b5bf0804b2ffc61783f4ec36f7adb
-
SHA1
dcf2cfb58bc36309307a5c60062b3da52ade2d0a
-
SHA256
0d640ed3daf513816f6f75b29bd07500206b03594ab9497fb941cfb051ef797b
-
SHA512
ac0b957f0f2807967027565d5dc7851e3383affc814c17c1a5889c70c93a0295421ec5af81c15298aed93ed3349c7d4be915f146fdf3a6c53aeb1b339973101e
-
SSDEEP
393216:hzv5/IiNlq1TTsWO5OGKdq4Nw5wqr1PF7V7Hfk7Vupj+RFgnj4gFuIdYWg3Gy5Be:1B/IizAsWO5Mc4Nm5PFRc7Qign0SwpGr
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Process Discovery
1Query Registry
2System Information Discovery
6System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Wi-Fi Discovery
1