General
-
Target
https://cdn.discordapp.com/attachments/1310256244057178142/1313542262587658260/Bootstrapper.exe?ex=6750830f&is=674f318f&hm=ec6694cb32fb28b6b12d50268f26e35ffcb30197c2294db4a93b379b2701e8e6&
-
Sample
241203-t6cvtstmby
Score
9/10
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1310256244057178142/1313542262587658260/Bootstrapper.exe?ex=6750830f&is=674f318f&hm=ec6694cb32fb28b6b12d50268f26e35ffcb30197c2294db4a93b379b2701e8e6&
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Blocklisted process makes network request
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-