73427b83bd00a8745e5182d2cdb3727e654ae9af5e42befc45903027f6606597 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

BootstrapperNew.exe

windows10-2004-x64

9

Sharing

General

Target

BootstrapperNew.exe
Size

3.4MB
Sample

250415-yjqwdswwew
MD5

07b2ed9af56f55a999156738b17848df
SHA1

960e507c0ef860080b573c4e11a76328c8831d08
SHA256

73427b83bd00a8745e5182d2cdb3727e654ae9af5e42befc45903027f6606597
SHA512

3a982d1130b41e6c01943eee7fa546c3da95360afdad03bff434b9211201c80f22bd8bf79d065180010bc0659ee1e71febbfd750320d95811ee26a54ee1b34c6
SSDEEP

98304:HZXfHaFoQyDIvqkqXf0FglY1XOe97vLn:RaBqkSIglY1XOCnn

Score

9^/10

steam defense_evasion discovery execution phishing themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BootstrapperNew.exe

Resource

win10v2004-20250410-en

steam defense_evasion discovery execution phishing themida trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  BootstrapperNew.exe
- Size
  
  3.4MB
- MD5
  
  07b2ed9af56f55a999156738b17848df
- SHA1
  
  960e507c0ef860080b573c4e11a76328c8831d08
- SHA256
  
  73427b83bd00a8745e5182d2cdb3727e654ae9af5e42befc45903027f6606597
- SHA512
  
  3a982d1130b41e6c01943eee7fa546c3da95360afdad03bff434b9211201c80f22bd8bf79d065180010bc0659ee1e71febbfd750320d95811ee26a54ee1b34c6
- SSDEEP
  
  98304:HZXfHaFoQyDIvqkqXf0FglY1XOe97vLn:RaBqkSIglY1XOCnn
Score

9^/10

steam defense_evasion discovery execution phishing themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoveryexecutionphishingthemidatrojan

© 2018-2025

Terms | Privacy