General
-
Target
HEUR-Trojan-Spy.MSIL.Bobik.gen-0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7.exe
-
Size
164KB
-
Sample
220922-v91xhafhaq
-
MD5
068fc2f4824a2a23e4dce306b897e9ec
-
SHA1
7161a98ea46b3696d79c6a888a9c69584dca411c
-
SHA256
0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7
-
SHA512
54871706422b8b4b495864f30049ef9e6153c0b4904d2cc0a19d4de48a65c1fd5fde23b8791c4d042aa4fc7321d4794e07c677ec5305de6e9e21bafa759fa017
-
SSDEEP
3072:j3fkYW/5gjbnI3OkLFxD5tKdHDunqUpxwCAnuzPLqY:LMR/5gjbnI3OkLFxD5tKdHDunqIxynua
Static task
static1
Behavioral task
behavioral1
Sample
HEUR-Trojan-Spy.MSIL.Bobik.gen-0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
HEUR-Trojan-Spy.MSIL.Bobik.gen-0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
HEUR-Trojan-Spy.MSIL.Bobik.gen-0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7.exe
-
Size
164KB
-
MD5
068fc2f4824a2a23e4dce306b897e9ec
-
SHA1
7161a98ea46b3696d79c6a888a9c69584dca411c
-
SHA256
0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7
-
SHA512
54871706422b8b4b495864f30049ef9e6153c0b4904d2cc0a19d4de48a65c1fd5fde23b8791c4d042aa4fc7321d4794e07c677ec5305de6e9e21bafa759fa017
-
SSDEEP
3072:j3fkYW/5gjbnI3OkLFxD5tKdHDunqUpxwCAnuzPLqY:LMR/5gjbnI3OkLFxD5tKdHDunqIxynua
Score8/10-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Adds Run key to start application
-