truebot | 7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63 | Triage

Sharing

General

Target

7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63
Size

320KB
Sample

221223-ly893abd9v
MD5

f129c12b1bda7426f6b31682b42ee4b0
SHA1

318fdfec4575d1530a41c80274aa8caae7b7f631
SHA256

7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63
SHA512

3dc49a227422a279aef19d180557a3d286fac18c9b9b925d2ca616675f38e05ef74d11c4b3c8f3908acd88e8eafd192a5290060773568e98fce4d91d571eaefe
SSDEEP

6144:zGJa9sNZpR6mTjomlHcnNSfRwz4DLW3HkT7370+C0vXoM+:zIa9MnXjvi4fXLSkTP0sXV+

Score

10^/10

truebot

Malware Config

Extracted

Family

truebot

C2

nefosferta.com/gate.php

Targets

- Target
  
  7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63
- Size
  
  320KB
- MD5
  
  f129c12b1bda7426f6b31682b42ee4b0
- SHA1
  
  318fdfec4575d1530a41c80274aa8caae7b7f631
- SHA256
  
  7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63
- SHA512
  
  3dc49a227422a279aef19d180557a3d286fac18c9b9b925d2ca616675f38e05ef74d11c4b3c8f3908acd88e8eafd192a5290060773568e98fce4d91d571eaefe
- SSDEEP
  
  6144:zGJa9sNZpR6mTjomlHcnNSfRwz4DLW3HkT7370+C0vXoM+:zIa9MnXjvi4fXLSkTP0sXV+
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2