General

  • Target: HorrorBob2.exe
  • Size: 11.9MB
  • Sample: 241112-eh934avbqc
  • MD5: 9331b20120075b2685d3888c196f2e34
  • SHA1: 1af7d3dc4576ef8aaa06fa3199cf422b7657950b
  • SHA256: 98a804d373c7e0e4f80155df20358436e066ecf31c522c31df2ba46923ac68c2
  • SHA512: 83636067d46b1362a6e0e5af56222d170d337fa7b0c4048b8f04c9df0ca35c3634a7254e6226886b00f9894e4353d6ac6b2e4e760bab320058cebe37c7c0cd7b
  • SSDEEP: 196608:zHvwfYWqhZPHE5D7cdPNPi17S+IRTX7UYVlj0EcLnKXanF6eeBUsjD2ABShiFiJt:vZ8R7c5527SpRTXQYVlYEGnKKF6eeWgO

Malware Config

Targets

    • Target: HorrorBob2.exe (hashes as listed under General above)

    • UAC bypass

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Probable phishing domain

    • Sets desktop wallpaper using registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks