truebot | 8c68d04eaf5388f87d6c05d202f53fe3c366f84ee08092d14aa4a00d66a6b760 | Triage

Sharing

General

Target

1681dd926ec9140b0338a772919db98d.bin
Size

204KB
Sample

230720-beyzwace5z
MD5

1681dd926ec9140b0338a772919db98d
SHA1

dd4fb3d4ca144d23324ba57e19847a65066e53ba
SHA256

8c68d04eaf5388f87d6c05d202f53fe3c366f84ee08092d14aa4a00d66a6b760
SHA512

21f63099925963b88cdaff3417decc483510945e0831ec7ea61b0397f3fb702cb8d5e047e8a21f4be656bd1952597f21bc2e6c1cf37209befb3981253b2736f4
SSDEEP

6144:7rpf8Fa7HdWFDTpZLWtSgVr2ZRX7UE0k3:5f8FM9ES1UZRXz3

Score

10^/10

truebot

Malware Config

Extracted

Family

truebot

C2

gbpooolfhbrb.com/gate.php

Targets

- Target
  
  b3d7005a06021286c84ed7f8293cba966e0137df769e80579df7f3c6a2d3c1f3
- Size
  
  335KB
- MD5
  
  a637c909097b250da561b12ae33e7486
- SHA1
  
  f71cc41357814b5c3b132aaaedd6a24ebbd0c102
- SHA256
  
  b3d7005a06021286c84ed7f8293cba966e0137df769e80579df7f3c6a2d3c1f3
- SHA512
  
  a02a4244947a3ca24d65a356b8ae405b4620884d033d29570a411c539f6e55eca0c579ab3b61de9a14e4eaec66417e57974ee7b28bb03e2728c359cef3168ce3
- SSDEEP
  
  6144:R1VH+po6EJ5IYW6eBveHVK8PNEt1ZJr0HkT7Npvm7sbnTH7Mx:3d4oR+YImEx/gkThp0wnTHYx
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2