truebot | 55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e | Triage

Submit
Reports

Overview

overview

Static

static

55d1480cd0...9e.dll

windows7-x64

55d1480cd0...9e.dll

windows10-2004-x64

Sharing

General

Target

55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e
Size

600KB
Sample

221223-lzg7zabd9y
MD5

587acecdb9491e0897d1067eb02e7c8d
SHA1

b7bffdbbaf817d149bbd061070a2d171449afbfc
SHA256

55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e
SHA512

97401c5a3c5521b0a664037f25be86f1a47f48f721b3d42553f416a2d0ce75cb3e6e794c7446c79da493c0898b41cd97d8f4d31c32aa574a747e245fb6ee2003
SSDEEP

12288:kCIgGvRzuBMWhbrLDMyFueWIvpVHH4yc3K2n+Nb76sIJwYjX:kMhjD4ePVngKGEbmO8X

Score

10^/10

truebot downloader

Static task

static1

Behavioral task

behavioral1

Sample

55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e.dll

Resource

win7-20221111-en

truebot downloader

windows7-x64

8 signatures

1800 seconds

Behavioral task

behavioral2

Sample

55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e.dll

Resource

win10v2004-20221111-en

truebot downloader

windows10-2004-x64

9 signatures

1800 seconds

Malware Config

Extracted

Family

truebot

C2

nefosferta.com/gate.php

Targets

- Target
  
  55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e
- Size
  
  600KB
- MD5
  
  587acecdb9491e0897d1067eb02e7c8d
- SHA1
  
  b7bffdbbaf817d149bbd061070a2d171449afbfc
- SHA256
  
  55d1480cd023b74f10692c689b56e7fd6cc8139fb6322762181daead55a62b9e
- SHA512
  
  97401c5a3c5521b0a664037f25be86f1a47f48f721b3d42553f416a2d0ce75cb3e6e794c7446c79da493c0898b41cd97d8f4d31c32aa574a747e245fb6ee2003
- SSDEEP
  
  12288:kCIgGvRzuBMWhbrLDMyFueWIvpVHH4yc3K2n+Nb76sIJwYjX:kMhjD4ePVngKGEbmO8X
Score

10^/10

truebot downloader
- TrueBot payload
- TrueBot, Silence.Downloader
  A downloader attributed to Silence group first seen in 2017.
  downloader truebot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truebotdownloader

behavioral2

truebotdownloader

© 2018-2024

Terms | Privacy