74591a60abf83dcc096f4495f1b8bc031aaaca4a276644d0134ca7505cb1ec53 | Triage

Submit
Reports

Overview

overview

8

Static

static

GLP_instal...et.exe

windows7-x64

8

GLP_instal...et.exe

windows10-2004-x64

8

Resubmissions

31-12-2022 16:51

221231-vdaqfaaa33 8

31-12-2022 16:42

221231-t7syfaaa24 8

31-12-2022 16:30

221231-tz265shh92 8

Sharing

General

Target

GLP_installer_1000218456_market.exe
Size

3.6MB
Sample

221231-vdaqfaaa33
MD5

a0a25bdacd989feb80f73dfccd8c37bc
SHA1

0eb7a30e7315594465e01ea42e103161e55087c0
SHA256

74591a60abf83dcc096f4495f1b8bc031aaaca4a276644d0134ca7505cb1ec53
SHA512

e71239fbf84e59747777080ffe988555d62cb2f5474064887742df10832682ac76f5112c531d9811318dc0a7ee810750149a6fc7e27082c8dd784680c507e0e7
SSDEEP

49152:v08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBd:v08vdsGaQNgS1C6e6ngKpqh

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

GLP_installer_1000218456_market.exe

Resource

win7-20220812-en

bootkit discovery evasion persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

GLP_installer_1000218456_market.exe

Resource

win10v2004-20221111-en

bootkit discovery evasion persistence

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  GLP_installer_1000218456_market.exe
- Size
  
  3.6MB
- MD5
  
  a0a25bdacd989feb80f73dfccd8c37bc
- SHA1
  
  0eb7a30e7315594465e01ea42e103161e55087c0
- SHA256
  
  74591a60abf83dcc096f4495f1b8bc031aaaca4a276644d0134ca7505cb1ec53
- SHA512
  
  e71239fbf84e59747777080ffe988555d62cb2f5474064887742df10832682ac76f5112c531d9811318dc0a7ee810750149a6fc7e27082c8dd784680c507e0e7
- SSDEEP
  
  49152:v08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBd:v08vdsGaQNgS1C6e6ngKpqh
Score

8^/10

bootkit discovery evasion persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy