97804a112500c22565e2c53d0f57db2a39210c08d2cfaab294294ebf268cc374 | Triage

Sharing

General

Target

Bootstrapper.exe
Size

339KB
Sample

250218-kwd6gayqds
MD5

fa69bf7d10c3b170e62a858ed37dae86
SHA1

8dd6f73f10ea074e7c0885efbc0656adbaf22164
SHA256

97804a112500c22565e2c53d0f57db2a39210c08d2cfaab294294ebf268cc374
SHA512

5f5c8324d9c2e937fd7ed7f9a11706bc23f0f62362d47c97b8836a1f71d4ac0f938153a271f2e077330dccea1206582563291de748d61d1a806d959129468275
SSDEEP

6144:PgKasiALqxCcuUdsuAWoXhslQonB6x90cy83A/pHPNMibcWhRNTkM5Sp:WJCcfTAxsl9+91A/1yEhRRkp

Score

7^/10

discovery spyware stealer

Malware Config

Targets

- Target
  
  Bootstrapper.exe
- Size
  
  339KB
- MD5
  
  fa69bf7d10c3b170e62a858ed37dae86
- SHA1
  
  8dd6f73f10ea074e7c0885efbc0656adbaf22164
- SHA256
  
  97804a112500c22565e2c53d0f57db2a39210c08d2cfaab294294ebf268cc374
- SHA512
  
  5f5c8324d9c2e937fd7ed7f9a11706bc23f0f62362d47c97b8836a1f71d4ac0f938153a271f2e077330dccea1206582563291de748d61d1a806d959129468275
- SSDEEP
  
  6144:PgKasiALqxCcuUdsuAWoXhslQonB6x90cy83A/pHPNMibcWhRNTkM5Sp:WJCcfTAxsl9+91A/1yEhRRkp
Score

7^/10

discovery spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer