General
-
Target
Bolbi.vbs
-
Size
46KB
-
Sample
220929-mnm5hsaec5
-
MD5
99ec3237394257cb0b5c24affe458f48
-
SHA1
5300e68423da9712280e601b51622c4b567a23a4
-
SHA256
ec17f950f6ee9c0c237d93bc0b766aa6e2ab458c70320b534212043128177b51
-
SHA512
af2394d18f672def6d5d7081def759093759205aac0390ca03591c58c15a02e463a68b583b6fc28ef1368922b4bd5f9072d570ee97a955250a478cdb093500cb
-
SSDEEP
384:m71ThEgivcqpCghtpCAhDnVLri57VurlgRL1xCLI05ej+1DPpUo/i/vFCbWZkraB:m7BGV95hIG1/d49gsCDsl
Static task
static1
Behavioral task
behavioral1
Sample
Bolbi.vbs
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Bolbi.vbs
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
Bolbi.vbs
-
Size
46KB
-
MD5
99ec3237394257cb0b5c24affe458f48
-
SHA1
5300e68423da9712280e601b51622c4b567a23a4
-
SHA256
ec17f950f6ee9c0c237d93bc0b766aa6e2ab458c70320b534212043128177b51
-
SHA512
af2394d18f672def6d5d7081def759093759205aac0390ca03591c58c15a02e463a68b583b6fc28ef1368922b4bd5f9072d570ee97a955250a478cdb093500cb
-
SSDEEP
384:m71ThEgivcqpCghtpCAhDnVLri57VurlgRL1xCLI05ej+1DPpUo/i/vFCbWZkraB:m7BGV95hIG1/d49gsCDsl
-
Blocklisted process makes network request
-
Disables cmd.exe use via registry modification
-
Modifies Installed Components in the registry
-
Possible privilege escalation attempt
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-