truebot | 9bc00abf2471492c02cf87d2a4a9dad3fb6b438c0754c40f144d443af3f1ea6e | Triage

Sharing

General

Target

5.rar
Size

356KB
Sample

230409-r71xyadc61
MD5

4189274528054c6f9c88e738de8ae977
SHA1

67cd7b7a50a5a599022b2ceac3bfd51f37bcfcde
SHA256

9bc00abf2471492c02cf87d2a4a9dad3fb6b438c0754c40f144d443af3f1ea6e
SHA512

f19517b02dad9b4275f8a01beb8e0e1f6ceceeaca3b125df7e2ae70ff57290ca849569e3b8d1598c561ae17869a733e8feeb850704bb4978a3e998f034f7b107
SSDEEP

6144:d9/1S9/mGX50ehtqosK13BtSoUsfXR3MfGQNC/QvQYhZAKDNeIxXcXEjInrkZicq:d9/g9/N575RPJUaXRYGQ0/QIcZAGNeIe

Score

10^/10

truebot downloader

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://62.204.41.69/dll.png

Targets

- Target
  
  000000000/d0c95cfef2e6c85abb28ee971216b3bf.ps1
- Size
  
  384B
- MD5
  
  d0c95cfef2e6c85abb28ee971216b3bf
- SHA1
  
  a729fe71517182f119b16f144927a3a0ad228e08
- SHA256
  
  3356922900af9ccff15b60fe97e4fb77b4390b296e69ca45863bb4c3e62b0842
- SHA512
  
  fece87a9c76c7cef9b16dcca83e0243db80aa753e81715441349a8e92c1f6e8d2a7a413f597a773667078c5c32c2d085bc1339790b11e8f76b7a4d21051fa483
Score

10^/10

truebot downloader
- TrueBot payload
- TrueBot, Silence.Downloader
  A downloader attributed to Silence group first seen in 2017.
  downloader truebot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  1/287b172c23da5426cf039ef55d959fbd.js
- Size
  
  67KB
- MD5
  
  287b172c23da5426cf039ef55d959fbd
- SHA1
  
  eb9b98d1f7c48d7f4dab8cd65a05fbd6dab6b08d
- SHA256
  
  f523d4bfcd07dd6d32441fcdb9342b35fb018606a9b0f1304f451dc67a7a3ccf
- SHA512
  
  78905b9d209838b57d31b86bb58c94ad3799608b5bb56f6c77e345afe5bf629b63c6f1b8934b41cadffa4f5a8b86f4b336f2e45d424fe3c50518c7ae6210a6d6
- SSDEEP
  
  1536:EMtPc6S1wxBOGKZUXldvp3yZEKs7+QhqWIoCqlO1wKF7x1tNRhn4xVNe/6BPfGMv:i1wxBOGKZUXldvp3yZEKs7+QhqWIoCqb
Score

10^/10

truebot downloader
- TrueBot payload
- TrueBot, Silence.Downloader
  A downloader attributed to Silence group first seen in 2017.
  downloader truebot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  1/3c57867dc4bdeb8a7d55dfb7d8ef5008.js
- Size
  
  67KB
- MD5
  
  3c57867dc4bdeb8a7d55dfb7d8ef5008
- SHA1
  
  e083903420cb64a603d626699ab55e26e39995fc
- SHA256
  
  c3aaae4bb3952db93ac5d1514761a4490d6eea55ba2ab2f8ae8d306713183d3c
- SHA512
  
  a77cf3d005729235511024ad727bb8c9c76d7e96fe91a892b868e0939517e1910f3cb21d603824941c06b2c946d9810efd37772e9d99888546a1abf89d4727cc
- SSDEEP
  
  1536:EMtPc6S1wxBOGKZUXldvp3yZEKs7+QhqWIoCqlO1wKF7x1tNRhn4xVNe/6BPfGMe:i1wxBOGKZUXldvp3yZEKs7+QhqWIoCqK
Score

10^/10

truebot downloader
- TrueBot payload
- TrueBot, Silence.Downloader
  A downloader attributed to Silence group first seen in 2017.
  downloader truebot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  1/922b1d765a3f88f8b0fb8ee3f71f3023.js
- Size
  
  67KB
- MD5
  
  922b1d765a3f88f8b0fb8ee3f71f3023
- SHA1
  
  4503ab32fe2e77360ea4c4b1882dffe448c68127
- SHA256
  
  37906b8349562bfb21048b0c20e26a26c721a649bb64803377de778d81c4036f
- SHA512
  
  6c4226a7ffa53a6c90a68b3ec65d2514965e14909e9c8db15865cb23955df699688980e8c4ce8b6ee30ca0327e9e2eec41b63e8e07ad41fa38a38d6eb7c11984
- SSDEEP
  
  1536:EMtPc6S1wxBOGKZUXldvp3yZEKs7+QhqWIoCqlO1wKF7x1tNRhn4xVNe/6BPfGMd:i1wxBOGKZUXldvp3yZEKs7+QhqWIoCqJ
Score

10^/10

truebot downloader
- TrueBot payload
- TrueBot, Silence.Downloader
  A downloader attributed to Silence group first seen in 2017.
  downloader truebot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  1/b19781010225032c77834156cb1eb466.exe
- Size
  
  999KB
- MD5
  
  b19781010225032c77834156cb1eb466
- SHA1
  
  3400cae4f92e7d0f90db04d9a509b07354f4bad3
- SHA256
  
  727ece9ce520674301043223e126cfe89e2f70a958c1e42519a369f417f18032
- SHA512
  
  15cf3aeeb7c22efe2f41197bd9bfd41900ff8f5412680302617ff07564e5cdc8aec3f259e630719b91e90a506e39272419c9d382ad00cf954102f75efa14cb6f
- SSDEEP
  
  12288:CUNS4vmd09cEAZoEmyud1Abw4AenrtnbON6iBSsH7u5gwo+6cir4Xs/3M6iZfWuG:50P00ZnmVb4AkrtnDiBSad+crYssUw4
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

truebotdownloader

behavioral2

truebotdownloader

behavioral3

truebotdownloader

behavioral4

truebotdownloader

behavioral5

truebotdownloader

behavioral6

truebotdownloader

behavioral7

truebotdownloader

behavioral8

truebotdownloader

behavioral9

behavioral10