General

  • Target

    BootstrapperNew (2).exe

  • Size

    2.9MB

  • Sample

    250220-j5w7zaslv8

  • MD5

    f227cdfd423b3cc03bb69c49babf4da3

  • SHA1

    3db5a97d9b0f2545e7ba97026af6c28512200441

  • SHA256

    cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

  • SHA512

    b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

  • SSDEEP

    49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn

Malware Config

Targets

    • Target

      BootstrapperNew (2).exe

    • Size

      2.9MB

    • MD5

      f227cdfd423b3cc03bb69c49babf4da3

    • SHA1

      3db5a97d9b0f2545e7ba97026af6c28512200441

    • SHA256

      cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

    • SHA512

      b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

    • SSDEEP

      49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn

    • Meduza

      Meduza is a crypto wallet and info stealer written in C++.

    • Meduza Stealer payload

    • Meduza family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks