30ccbded32fbade2c413501d93e8790890d7fe2e5a2edde34190106386daf261 | Triage

Submit
Reports

Overview

overview

8

Static

static

GLP_instal...et.exe

windows7-x64

8

GLP_instal...et.exe

windows10-2004-x64

7

Sharing

General

Target

GLP_installer_1000218456_market.exe
Size

3.6MB
Sample

221229-c8j89afc41
MD5

dc4482132a12fc7e7ecb50583adf744c
SHA1

9de2d7f584f587204ba6677ae6b4caa64749f37b
SHA256

30ccbded32fbade2c413501d93e8790890d7fe2e5a2edde34190106386daf261
SHA512

7f894a2bb467094823bb7bcf8019eca3ccf9db8f7fe3b2bb3280b6b41221c6af681b0ff59dc8c84ffe6bcc9fe2af5187af45fb744179a5323411cbf5f9b97d71
SSDEEP

49152:a08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBv:a08vdsGaQNgS1C6e6ngKpqr

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

GLP_installer_1000218456_market.exe

Resource

win7-20220812-en

bootkit discovery evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

GLP_installer_1000218456_market.exe

Resource

win10v2004-20221111-en

bootkit persistence

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  GLP_installer_1000218456_market.exe
- Size
  
  3.6MB
- MD5
  
  dc4482132a12fc7e7ecb50583adf744c
- SHA1
  
  9de2d7f584f587204ba6677ae6b4caa64749f37b
- SHA256
  
  30ccbded32fbade2c413501d93e8790890d7fe2e5a2edde34190106386daf261
- SHA512
  
  7f894a2bb467094823bb7bcf8019eca3ccf9db8f7fe3b2bb3280b6b41221c6af681b0ff59dc8c84ffe6bcc9fe2af5187af45fb744179a5323411cbf5f9b97d71
- SSDEEP
  
  49152:a08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBv:a08vdsGaQNgS1C6e6ngKpqr
Score

8^/10

bootkit discovery evasion persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy