General
-
Target
Bootstrapper.exe
-
Size
81.0MB
-
Sample
241204-s7tz3avqdn
-
MD5
840276a95bfdf1a3c03f97d34eefaadf
-
SHA1
d2bf4baf4096981ce08887ed91e88c1dfe5a1472
-
SHA256
71739aafa93c4527a94096f0140789e04c96c786d5f7cf6022e7d2ed338777e4
-
SHA512
e511cccd390d7d4bc3e3f818d453681d29c2927e4d576f8cd4e41755f7b7ab4a6563f6f56e1162351bf333ee110d4a55cf7f9c612e50e94b999c13fbbdeb6e50
-
SSDEEP
1572864:XGKlEWhsmwSk8IpG7V+VPhqYdfmE7FliwiYgj+h58sMwGybhiDENjwJq:WKe4smwSkB05awcfNwy5SybGW
Malware Config
Targets
-
-
Target
Bootstrapper.exe
-
Size
81.0MB
-
MD5
840276a95bfdf1a3c03f97d34eefaadf
-
SHA1
d2bf4baf4096981ce08887ed91e88c1dfe5a1472
-
SHA256
71739aafa93c4527a94096f0140789e04c96c786d5f7cf6022e7d2ed338777e4
-
SHA512
e511cccd390d7d4bc3e3f818d453681d29c2927e4d576f8cd4e41755f7b7ab4a6563f6f56e1162351bf333ee110d4a55cf7f9c612e50e94b999c13fbbdeb6e50
-
SSDEEP
1572864:XGKlEWhsmwSk8IpG7V+VPhqYdfmE7FliwiYgj+h58sMwGybhiDENjwJq:WKe4smwSkB05awcfNwy5SybGW
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-