General

  • Target

    HEUR-Trojan-Spy.MSIL.Bobik.gen-0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7.exe

  • Size

    164KB

  • Sample

    220922-v91xhafhaq

  • MD5

    068fc2f4824a2a23e4dce306b897e9ec

  • SHA1

    7161a98ea46b3696d79c6a888a9c69584dca411c

  • SHA256

    0e3c0990f00475aebe53158be9d68093947e98705aeb30020f839492b75470d7

  • SHA512

    54871706422b8b4b495864f30049ef9e6153c0b4904d2cc0a19d4de48a65c1fd5fde23b8791c4d042aa4fc7321d4794e07c677ec5305de6e9e21bafa759fa017

  • SSDEEP

    3072:j3fkYW/5gjbnI3OkLFxD5tKdHDunqUpxwCAnuzPLqY:LMR/5gjbnI3OkLFxD5tKdHDunqIxynua

Targets

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tactic             Technique                              Count   ID
Persistence        Registry Run Keys / Startup Folder     1       T1060
Defense Evasion    File Permissions Modification          1       T1222
Defense Evasion    Modify Registry                        2       T1112
Discovery          Query Registry                         2       T1012
Discovery          System Information Discovery           3       T1082