General
Target: HorrorBob2.exe
Size: 11.9MB
Sample: 241112-em36cavcjr
MD5: 9331b20120075b2685d3888c196f2e34
SHA1: 1af7d3dc4576ef8aaa06fa3199cf422b7657950b
SHA256: 98a804d373c7e0e4f80155df20358436e066ecf31c522c31df2ba46923ac68c2
SHA512: 83636067d46b1362a6e0e5af56222d170d337fa7b0c4048b8f04c9df0ca35c3634a7254e6226886b00f9894e4353d6ac6b2e4e760bab320058cebe37c7c0cd7b
SSDEEP: 196608:zHvwfYWqhZPHE5D7cdPNPi17S+IRTX7UYVlj0EcLnKXanF6eeBUsjD2ABShiFiJt:vZ8R7c5527SpRTXQYVlYEGnKKF6eeWgO
Behavioral task: behavioral1
Sample: HorrorBob2.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: HorrorBob2.exe
Size: 11.9MB
Score: 10/10
- Disables Task Manager via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Adds Run key to start application
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)