General
-
Target
79dc113a4194e48e01b39d39156ce6b3bd50e02a5b07c1e1f40dd6c4b4cea967
-
Size
5KB
-
Sample
220521-psmewsbbdn
-
MD5
3d83b9debba178eca1ba8fce39e15f7c
-
SHA1
9839eade0225a2f803cb539ca4f8237aed2e2040
-
SHA256
79dc113a4194e48e01b39d39156ce6b3bd50e02a5b07c1e1f40dd6c4b4cea967
-
SHA512
071ed4215873624fb9d2796d82bda6270928ab38d27d963c7c00ee300f9cb0390480ab67495abce0c8dd408bf3ab697f8e77efbbe2ad6cf32d9913e03e6f1671
Static task
static1
Behavioral task
behavioral1
Sample
Bolbi.vbs
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Bolbi.vbs
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
Bolbi.vbs
-
Size
46KB
-
MD5
99ec3237394257cb0b5c24affe458f48
-
SHA1
5300e68423da9712280e601b51622c4b567a23a4
-
SHA256
ec17f950f6ee9c0c237d93bc0b766aa6e2ab458c70320b534212043128177b51
-
SHA512
af2394d18f672def6d5d7081def759093759205aac0390ca03591c58c15a02e463a68b583b6fc28ef1368922b4bd5f9072d570ee97a955250a478cdb093500cb
-
Blocklisted process makes network request
-
Disables cmd.exe use via registry modification
-
Modifies Installed Components in the registry
-
Possible privilege escalation attempt
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-