General

  • Target

    Botstrap-Release-App-x64.zip

  • Size

    8.9MB

  • MD5

    98d939ca116a52edeb04ee2f86bbcd68

  • SHA1

    cac2f9b16383a713ccd493d1376dbe6ded164b08

  • SHA256

    4bc5d9c5e723724a3df7e77d2b790414fe21584234731d6b8ac018168a79ac3c

  • SHA512

    919d2f02eca661f6c54f21710201bdd41ae85e729294e166e465cdbb286d2b2b7a9f261d8017c4dfd2bb5d6b5d409de9f3ffd9a726e8b638655fbbcf6552ebd3

  • SSDEEP

    196608:N1EVQ+1lmnc6bCn0swW6mx7LXtygTFhC+Ic3lxwFBHTNb:rmDmcuCRwW6mx7LdXFhCkTiBH1

Score
9/10

Signatures

  • CryptOne packer 1 IoCs

    Detects CryptOne packer defined in NCC blogpost.

Files

  • Botstrap-Release-App-x64.zip
    .zip

    Password: xeno

  • Bootstrapper.exe.lnk
    .lnk
  • README.txt
  • autoexec/bin
    .dll regsvr32 windows:5 windows x86 arch:x86

    Password: xeno

    a9fd3e7f71a802c8eee0a502f46de991

