General
-
Target
BootstrapperNew (2).exe
-
Size
2.9MB
-
Sample
250220-jtgyxazmfx
-
MD5
f227cdfd423b3cc03bb69c49babf4da3
-
SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441
-
SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
-
SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
-
SSDEEP
49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn
Static task
static1
Behavioral task
behavioral1
Sample
BootstrapperNew (2).exe
Resource
win11-20250217-en
Behavioral task
behavioral2
Sample
BootstrapperNew (2).exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
BootstrapperNew (2).exe
-
Size
2.9MB
-
MD5
f227cdfd423b3cc03bb69c49babf4da3
-
SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441
-
SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8
-
SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e
-
SSDEEP
49152:xlcyXfHnaBTof9ePCjkIAm1skqXfd+/9A9ByClY1v/a/ehH7pNLLn2:DZXfHaFoCIvqkqXf0FglY1XOe97vLn
-
Meduza Stealer payload
-
Meduza family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-