For web system development and control/embedded systems in Kobe and Osaka, contact 株式会社アキュラ (AQU'REX), a web creation studio staffed by experienced engineers and designers who specialize in cutting-edge, easy-to-use UI/UX.
AQU'REX's Blog

Blob.boy.rar

1. Initial Triage
Initial triage suggests this archive contains components for a .NET-based payload or a script designed to exploit local system vulnerabilities. The "Blob" nomenclature often refers to binary large objects used in memory injection or obfuscated data storage.

2. File Metadata
SHA-256: [Insert Hash Here]
File Type: RAR Archive (v5.0+)
Size: [Insert Size, e.g., 2.4 MB]
Packer/Protector: [None / VMProtect / ConfuserEx]

3. Behavioral Analysis (Dynamic)
Upon execution, the primary binary attempts to inject into explorer.exe or svchost.exe.

4. Static Analysis & MITRE ATT&CK Mapping
Found references to [PowerShell commands, API hooking, or credential harvesting].
MITRE ATT&CK Mapping:
T1059: Command and Scripting Interpreter
T1055: Process Injection
T1112: Modify Registry

5. Remediation & Recommendations
Isolate the affected host and terminate any process whose image was launched from the temporary directory; treat the explorer.exe or svchost.exe instance it injected into as compromised as well.
Add the SHA-256 hash of Boy.exe and the C2 domain to your organization's EDR and firewall blocklists.
If the infection occurred in an Active Directory environment, use a forensic reader to check for unauthorized password blobs or gMSA account abuse (for example, reads of a gMSA's managed password by accounts that are not in its authorized retrieval group).
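The following is an added example, not code from the original post or from AQU'REX: it turns the remediation steps above (block the Boy.exe hash and the C2 domain, kill processes started from the temp directory) and the injection behavior (remote threads into explorer.exe or svchost.exe) into triage logic run over constructed Sysmon-style events. The sample bytes, hash, C2 domain, paths and process IDs are all constructed placeholders standing in for the report's [Insert Hash Here] and C2 fields; the trusted-source prefixes are an assumption you would replace with your own allowlist.

```python
"""Added example (not part of the original report): IOC matching and host
triage over constructed Sysmon-style events (1 = process create,
8 = CreateRemoteThread, 22 = DNS query). All IOCs and records are fabricated."""
import hashlib
import ntpath
from dataclasses import dataclass

# Constructed sample standing in for Boy.exe; its hash replaces [Insert Hash Here].
SAMPLE_BYTES = b"MZ-constructed-sample-not-real-malware"
IOC_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()
IOC_C2_DOMAIN = "c2.example.invalid"  # placeholder, not a real C2

INJECTION_TARGETS = {"explorer.exe", "svchost.exe"}
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Assumed allowlist: EDR sensors and OS components legitimately open remote
# threads into svchost.exe, so only untrusted sources are flagged.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")


@dataclass
class Event:
    event_id: int
    fields: dict


# Constructed Sysmon-like events for one host.
EVENTS = [
    Event(1, {"Image": r"C:\Users\bob\AppData\Local\Temp\Boy.exe", "ProcessId": 4120,
              "Hashes": f"SHA256={IOC_SHA256}"}),
    Event(1, {"Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 4200,
              "Hashes": "SHA256=" + "0" * 64}),
    Event(8, {"SourceImage": r"C:\Users\bob\AppData\Local\Temp\Boy.exe", "SourceProcessId": 4120,
              "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 1234}),
    Event(8, {"SourceImage": r"C:\Program Files\EDR\sensor.exe", "SourceProcessId": 900,
              "TargetImage": r"C:\Windows\System32\svchost.exe", "TargetProcessId": 1200}),
    Event(22, {"Image": r"C:\Users\bob\AppData\Local\Temp\Boy.exe", "ProcessId": 4120,
               "QueryName": IOC_C2_DOMAIN}),
    Event(22, {"Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 4200,
               "QueryName": "update.example.invalid"}),
]


def parse_hashes(field: str) -> dict:
    """Parse Sysmon's 'SHA256=...,MD5=...' Hashes field into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def in_temp_dir(path: str) -> bool:
    """True if the image path lives under a user or system temp directory."""
    lowered = path.lower()
    return any(t in lowered for t in TEMP_DIRS)


def is_trusted_source(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(events) -> dict:
    """Apply the report's indicators and return what to block and which PIDs to kill."""
    findings = {"hash_hits": [], "c2_hits": [], "injections": [], "kill_pids": set()}
    for ev in events:
        f = ev.fields
        if ev.event_id == 1:
            if parse_hashes(f.get("Hashes", "")).get("SHA256") == IOC_SHA256:
                findings["hash_hits"].append(f["Image"])
                findings["kill_pids"].add(f["ProcessId"])
            if in_temp_dir(f["Image"]):
                findings["kill_pids"].add(f["ProcessId"])
        elif ev.event_id == 8:
            target = ntpath.basename(f["TargetImage"]).lower()
            if target in INJECTION_TARGETS and not is_trusted_source(f["SourceImage"]):
                findings["injections"].append((f["SourceImage"], f["TargetImage"]))
                findings["kill_pids"].add(f["SourceProcessId"])
                # The injected host process carries the payload now; kill it too.
                findings["kill_pids"].add(f["TargetProcessId"])
        elif ev.event_id == 22:
            if f.get("QueryName", "").lower().rstrip(".") == IOC_C2_DOMAIN:
                findings["c2_hits"].append((f["Image"], f["QueryName"]))
                findings["kill_pids"].add(f["ProcessId"])
    findings["kill_pids"] = sorted(findings["kill_pids"])
    return findings


if __name__ == "__main__":
    result = triage(EVENTS)
    print("Block hash:", IOC_SHA256)
    print("Block domain:", IOC_C2_DOMAIN)
    for key in ("hash_hits", "injections", "c2_hits", "kill_pids"):
        print(f"{key}: {result[key]}")
```

The EDR sensor's remote thread into svchost.exe is deliberately left unflagged to show why a bare "CreateRemoteThread into svchost.exe" rule is too noisy; tune TRUSTED_PREFIXES (or better, a signer allowlist) for your estate before deploying this as a detection.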

Copyright © 株式会社アキュラ | AQU′REX All Rights Reserved.