General
-
Target
reboot_launcher-10.0.5+10.0.5-windows-setup.exe
-
Size
71.8MB
-
Sample
250111-hl31qszjg1
-
MD5
eadc575824ee1bed4e20ed1440c2e7b7
-
SHA1
436ca1e785a660123bd6322302f1acafdc720406
-
SHA256
fdff6a2955b48375c9ce7c50615ebcf7c2862adf1fccf60616464db82ad90d14
-
SHA512
2e784a912b3673f9945cfddfb21176b7d81e22786f7e0ab7fbd567bd63bed8febb70da3197bd5d12586a63c0b89790c0fb01319ba3f22158a08930aa67a079af
-
SSDEEP
1572864:XC/TRo8Ai0HXF26JBFgplEdNu4/6hwH50tzAp//sbyj78huWIfI8FC:XC/TRhAzHXtFgpKPu4iZRa//sbyv8wf2
Static task
static1
Behavioral task
behavioral1
Sample
reboot_launcher-10.0.5+10.0.5-windows-setup.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
reboot_launcher-10.0.5+10.0.5-windows-setup.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Score
8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-