3a3414ce562b913626acf703284510d87d6b7c7ccbcd6859ee34248649fa1ce6

Sharing

Copy URL Twitter E-mail

General

Target

MyBot-MBR_v7.2.zip
Size

14.1MB
Sample

240821-jaaqgswekh
MD5

baac562ff7c05dc1f8fd400aa33b9594
SHA1

72a7ffd6f36fc0dddd8bb42d3942a19e5c8247fd
SHA256

3a3414ce562b913626acf703284510d87d6b7c7ccbcd6859ee34248649fa1ce6
SHA512

4ffffab4c999e6f14d7b2e137214475c7139c1d0aec1d748f945ad6ae3adc6e3aeb58b7c70efc078726e935613e334d117b7d4c310f799dbaf9c04f657a100db
SSDEEP

393216:iFj98Zxlp2fSaS6DRmceWDtmdT/yn2/40UWY7:aE2fO6DEfyu/y2/40UV

Score

10^/10

discovery

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://api.pushbullet.com/v2/pushes?active=true&limit=1

Targets

- Target
  
  MyBot-MBR_v7.2.zip
- Size
  
  14.1MB
- MD5
  
  baac562ff7c05dc1f8fd400aa33b9594
- SHA1
  
  72a7ffd6f36fc0dddd8bb42d3942a19e5c8247fd
- SHA256
  
  3a3414ce562b913626acf703284510d87d6b7c7ccbcd6859ee34248649fa1ce6
- SHA512
  
  4ffffab4c999e6f14d7b2e137214475c7139c1d0aec1d748f945ad6ae3adc6e3aeb58b7c70efc078726e935613e334d117b7d4c310f799dbaf9c04f657a100db
- SSDEEP
  
  393216:iFj98Zxlp2fSaS6DRmceWDtmdT/yn2/40UWY7:aE2fO6DEfyu/y2/40UV
Score

1^/10
behavioral1 behavioral2
- Target
  
  MyBot-MBR_v7.2/README.md
- Size
  
  2KB
- MD5
  
  d1cb1c46de3fee39f8074754fedcb061
- SHA1
  
  d378c1b1bf0cb9a18ea0fd4689f7e37b3be81ca3
- SHA256
  
  9f31b90ebf00ac187223a64cd49f82dd8a632c4f4c8e422a7e10eabb0267ff2d
- SHA512
  
  a945c1231855d68e7302d97963da7b4f5b975914f8cc39ecf89ea47f6b5f5a98a687723c82d48ef466ad25f835ec73df3d67492d9f99ad3e2fbc5c5b2b62bb3d
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  MyBot-MBR_v7.2/Strategies/TH9 Shuttered GoWiPe Scripted Attack.ini
- Size
  
  6KB
- MD5
  
  30f6ccdff2aa2c512c8e95fd0972162b
- SHA1
  
  f4b3567c5419ef2967d51ea109199960bad3f85d
- SHA256
  
  f571cb299b93ab3ce6e3ec6723848390f1fce4259ebea1c2501e05e3364a19cb
- SHA512
  
  40300ba8cda1b10235ef2a59b49577be304d48c2376c9d574a9b377e65c3b64ba290f1ade3b2191f4b8f614a9401cc25ff89bf2f097774401e95c179b9d008d2
- SSDEEP
  
  96:zCOEqKW/9esOe7PtFt1NqJF6sU+1a0WfvqlgoXj6REMUzkVUTSuF5o11o9:AWGHJU+1a0WqXj6REMnUTSu71
Score

1^/10
behavioral5 behavioral6
- Target
  
  MyBot-MBR_v7.2/images/Button/BarrackBoosted.png
- Size
  
  918B
- MD5
  
  b8f000b26c63958481d42ea283aaa356
- SHA1
  
  a85a47057d29cda2be3337586fbe3664861608dc
- SHA256
  
  5e00f6892e94db965ecfa4bc7d13d743cf01e4e1fe06f7fcee9c830bce0cbce0
- SHA512
  
  06fd95cca5662e8834385b3fd65319250eae68821a2d05aac0ee119ab3115298bb569c175173f1391efe2fe149b87e306a80304475d9e0d09540705c21e1eca8
Score

3^/10
behavioral7 behavioral8
- Target
  
  MyBot-MBR_v7.2/images/Button/BoostAllBarracks.png
- Size
  
  1KB
- MD5
  
  d17baf37907e8306eda894932cf246b7
- SHA1
  
  8fd8cf841993066f446f32bf45a818eece38376f
- SHA256
  
  a27c52eedea3975a2f52ca05072273cb987f2f610b04501ba525a64e960c32b0
- SHA512
  
  5ce5c6a366cbdbec75711c494280d03cba35d393fb5966f9a9662972a828d560a2192f6c2f4c5195742f4ea4af0b83f9bb49f2a70e91c96feaa15952e1a7360b
Score

3^/10
behavioral10 behavioral9
- Target
  
  MyBot-MBR_v7.2/images/Button/BoostBarrack.png
- Size
  
  1KB
- MD5
  
  7b3cd9b7da9458d072b8dab3953701e5
- SHA1
  
  3b0ab3885d28da6035416c3f1f69a8316c790e35
- SHA256
  
  f1d9eb55aed3e68f0eb90f4ecdefa80ab6057c756f5605c0a318011171f11787
- SHA512
  
  1c9260783c092b3cdcafb7e009be5264653195fef54e073b87c1797bb0af8f537a6fc2996b3c4f5ebb808eb78678bfeabfefe29888b4ffedafc0c938846ec41b
Score

3^/10
behavioral11 behavioral12
- Target
  
  MyBot-MBR_v7.2/images/Button/Inferno.png
- Size
  
  1KB
- MD5
  
  d69295fe9c15c55b393f9884e51d1a87
- SHA1
  
  d7965d76a34062186b250691647f7eb12babc193
- SHA256
  
  7120086fabbc6ab9ca6c9852454277cdfef1513f0b5d7f2e4a3c198f49b7e2b2
- SHA512
  
  96afa52251b8537c17d2f4ff53da4ee2e3e5978d82faa8c2c425f2aa9797b6c992c8181ffd87701f9317c1c7d108398341b5587c59ea9ed2036fa06abadb0a55
Score

3^/10
behavioral13 behavioral14
- Target
  
  MyBot-MBR_v7.2/images/Button/Traps.png
- Size
  
  1KB
- MD5
  
  e92aa6484f8533b19798c57da7297022
- SHA1
  
  aa63e7a63542a305060d20da2cc7411ebdee621f
- SHA256
  
  97c68a1f495d4c878ed4ae5056c02321a41d347d141dfc56161d556bc472ead8
- SHA512
  
  60a695e2dc34cd4b302f58335dfdd7851a3b9b6f16f6c507932cd7a5a73099cde7f02c3266ae2b8dd565fcabfc68106723f331dbfd6b3d781df7e695a9dd4ae5
Score

3^/10
behavioral15 behavioral16
- Target
  
  MyBot-MBR_v7.2/images/Button/Xbow.png
- Size
  
  1KB
- MD5
  
  a629a2eaa915a092c801aa702063d1a5
- SHA1
  
  57a20b205a1d576d4bb9bc1f523ddf30685499da
- SHA256
  
  2fd869e7bfeac33a3612933260666135ab9cb87288181997e55a23463f526ab8
- SHA512
  
  df10cd60b073003bec532714f8ec385c9fd62d750f937d2560c9a9448531a8799980501b478a3d9f0f8045f2ebcf50ddcfc6ad0ba3654fa4590594a00bd84e6c
Score

3^/10
behavioral17 behavioral18
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_A.bmp
- Size
  
  150B
- MD5
  
  71b1df6296e165066b2a4533e3371107
- SHA1
  
  7423df1267780e8704607e4e0071bc7667c5051e
- SHA256
  
  5eafade8776157a2197b5dc66cefcca99766dcac971562157a6311b11485190c
- SHA512
  
  b3b1e8eeac46e63928831e9c08bfae142675202875523cf57651f41bbbd7e9001911587ae771f19d5d57dd3243ae4dd3b18331a57809ef9d363286e151220308
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_B.bmp
- Size
  
  134B
- MD5
  
  5beb543d3bf7da8a1281a2022d63ade9
- SHA1
  
  42aa43040a39ac482d2c21502f360efb831d285f
- SHA256
  
  bdc60339ab5abd15c45927d1c0c02570d8c517828d5e733614697ad4c8dccd43
- SHA512
  
  32973c5b747d39f480e46481c27e18b773623b11f2d8d0b899eeb52102e7af107512f73ac266709abfae7d4bd382584ecfdd3dd743e82b239b47ed8679041425
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_C.bmp
- Size
  
  174B
- MD5
  
  3f9c091b88745e7e399f147c36d069c1
- SHA1
  
  08c183aced7cf0f66f67e89cd2b807ede815ee0c
- SHA256
  
  48893c7fe26da270e80cb0537b0212d7085066078478301f02e6fd3441fbd608
- SHA512
  
  e4cec45f0be557eeb63260750b7bbbdb3ff68b3ac163b87e5257237ebf1b006e12513cbc98253c506ca43d50be8aa63c680ddd88bcdc6458521fcefdf9a7f992
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_D.bmp
- Size
  
  174B
- MD5
  
  54cc75ba03ec80acdd78f80f4fa11b41
- SHA1
  
  0a8d5e6d032810de313138fbf153c2cb6442d45e
- SHA256
  
  98695c69d5ea37b52b2c07833ae74db9a350ef70f1cd22551e7ca06f92fd7db0
- SHA512
  
  0aad80db2484d18250a913434920c782eb9b3f99dd027ced92a3a6161d037cd80d258776f95246476b27fb4ce58821706ad4c5785417af54e1ea8c7fa40cfaf2
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_E.bmp
- Size
  
  154B
- MD5
  
  ac3ab7bbe4092b4f115677ece6d070a1
- SHA1
  
  a8a9831b7773a3ea08e401a018c931f67f8e1006
- SHA256
  
  a8d3d01eae3ed452594d6db4b2a509c30be6aae68ad9a834ae204bb25c1cc132
- SHA512
  
  87a12b885ce72e737189fbf4696eff30a8d677a01cbf4bffdf4e690595573d92837e5bf56368f4c9b047a62b5954218e822ed319c7544b23cbaca811515b209b
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_I.bmp
- Size
  
  150B
- MD5
  
  50dba7e20c49344de0e68da4f566d218
- SHA1
  
  eb96cafd7de5bb7d523ff8782740341a9e786705
- SHA256
  
  516e15936d072ca9f631018a11c8b92c347d53fb44d499f6ddbbed8ae36212e7
- SHA512
  
  b97694af5bdb282284ad42dfd09a545a38dfce2ce20d66dc45aa140f9e32dfef8760fd330e22665c7a5ce70eae72c9950723dce5d7f25373ef123f652f0b495c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  MyBot-MBR_v7.2/images/CapacityStructure/elixir_0_0_70_J.bmp
- Size
  
  150B
- MD5
  
  3171378e8bc9c24552820ab42341ae23
- SHA1
  
  5b59d8245ecaaf7a415342050e81fdd1189b43e1
- SHA256
  
  026568da061f01a3ee87480520317530e4caa81eabbf85c7c9bd22ba03afdda7
- SHA512
  
  cb8f4ea6b54958b5eb38894220083ac24b53b1206af8dc77181a7b2b1d710cd0c94189e4d84b14e3b0bad7c09ad3e8d7377957dfbc3f2c0492e4d14cc6418266
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32