Overview

overview

10

Static

static

Bolbi.vbs

windows7_x64

10

Bolbi.vbs

windows10-2004_x64

10
General
Target

79dc113a4194e48e01b39d39156ce6b3bd50e02a5b07c1e1f40dd6c4b4cea967

Size

5KB

Sample

220521-psmewsbbdn

Score
10/10
MD5

3d83b9debba178eca1ba8fce39e15f7c

SHA1

9839eade0225a2f803cb539ca4f8237aed2e2040

SHA256

79dc113a4194e48e01b39d39156ce6b3bd50e02a5b07c1e1f40dd6c4b4cea967

SHA512

071ed4215873624fb9d2796d82bda6270928ab38d27d963c7c00ee300f9cb0390480ab67495abce0c8dd408bf3ab697f8e77efbbe2ad6cf32d9913e03e6f1671

Malware Config
Targets
Target

Bolbi.vbs

MD5

99ec3237394257cb0b5c24affe458f48

Filesize

46KB

Score
10/10
SHA1

5300e68423da9712280e601b51622c4b567a23a4

SHA256

ec17f950f6ee9c0c237d93bc0b766aa6e2ab458c70320b534212043128177b51

SHA512

af2394d18f672def6d5d7081def759093759205aac0390ca03591c58c15a02e463a68b583b6fc28ef1368922b4bd5f9072d570ee97a955250a478cdb093500cb

Tags

Signatures

  • UAC bypass

    Tags

    TTPs

    Bypass User Account ControlDisabling Security ToolsModify Registry

  • Blocklisted process makes network request

  • Disables cmd.exe use via registry modification

    Tags

  • Modifies Installed Components in the registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

  • Possible privilege escalation attempt

    Tags

  • Sets file execution options in registry

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery

  • Modifies file permissions

    Tags

    TTPs

    File Permissions Modification

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery

  • Sets desktop wallpaper using registry

    Tags

    TTPs

    DefacementModify Registry

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
        Execution
          Exfiltration
            Impact
            Initial Access
              Lateral Movement
                Persistence
                Privilege Escalation
                Tasks

                static1

                Score
                N/A

                behavioral1

                Score
                10/10

                behavioral2

                Score
                10/10