General

  • Target

    BootstrapperNew.exe

  • Size

    10.0MB

  • Sample

    250221-chdzjsslv5

  • MD5

    67e73f4417fda65b081f0fa55ac23b14

  • SHA1

    ae1bdb410b97ed3212cf649af364531d7a640a1b

  • SHA256

    c5792d15b0c5a001d8933ab76b92404c38f4d390540cb079b623a24de4d6abb0

  • SHA512

    64f5ba113cd64cf3fa62415ebfe4360e6086c46fed5e4c975c3625bd483e3b7ae35e058841eedabb9e2a123c2b4f75adf288bea6f8c1002af72106a828f74110

  • SSDEEP

    196608:WWO069YASYMYYBKpYDXcbwO/ikbwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAov:jEHOXcb1inIH20drLYRZjov

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks