General
-
Target
Bolbi.vbs
-
Size
1.1MB
-
Sample
240422-nrn2naah8v
-
MD5
584f03161a17b36b2f5163dd85bc0b77
-
SHA1
04dad07d0146ff09c0dacc3f248dbda16055a609
-
SHA256
ee2a2b418e82683de196beb5d4f6cb213e7579d783b06b9949f4a988f515b324
-
SHA512
530ef231a0fea29700d8bbffa5ed40b4cc05b96323fcbd853e86f050362d84f8a5250387f86a47ec0f103a76b00bada9c352a3c6c76736740984732c184003ff
-
SSDEEP
24576:gjSdueeKiZeXA940z802o5mNBriKgcdgUixQsUgk:gjSduKCeA2oqdJqfk
Static task
static1
Behavioral task
behavioral1
Sample
Bolbi.vbs
Resource
win11-20240412-en
Malware Config
Targets
-
-
Target
Bolbi.vbs
-
Modifies Installed Components in the registry
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 2
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Modify Registry: 6
  File and Directory Permissions Modification: 1