2b43714d8918635488c1d73acba773d71f288d65c0a02a8a2056fa15ae9cfba5 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

GLP_instal...et.exe

windows7-x64

8

GLP_instal...et.exe

windows10-2004-x64

7

Sharing

General

Target

GLP_installer_1000218456_market.exe
Size

3.6MB
Sample

230203-shy8gsfh26
MD5

ae506279188db415862b1b0652a779a4
SHA1

055fe9059e61e77803e614d107527b144cdf2201
SHA256

2b43714d8918635488c1d73acba773d71f288d65c0a02a8a2056fa15ae9cfba5
SHA512

0e5d9e0f9e6ce74f2814324343e6f754c2e917dad8423f085c55dac3cdfb3780fabd55c2df6460ba80d6a39d3f1e2eff74faefad7999495fd2634955c2a92c45
SSDEEP

49152:/08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBM:/08vdsGaQNgS1C6e6ngKpqI

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

GLP_installer_1000218456_market.exe

Resource

win7-20220901-en

bootkit discovery evasion persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

GLP_installer_1000218456_market.exe

Resource

win10v2004-20221111-en

bootkit persistence

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  GLP_installer_1000218456_market.exe
- Size
  
  3.6MB
- MD5
  
  ae506279188db415862b1b0652a779a4
- SHA1
  
  055fe9059e61e77803e614d107527b144cdf2201
- SHA256
  
  2b43714d8918635488c1d73acba773d71f288d65c0a02a8a2056fa15ae9cfba5
- SHA512
  
  0e5d9e0f9e6ce74f2814324343e6f754c2e917dad8423f085c55dac3cdfb3780fabd55c2df6460ba80d6a39d3f1e2eff74faefad7999495fd2634955c2a92c45
- SSDEEP
  
  49152:/08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBM:/08vdsGaQNgS1C6e6ngKpqI
Score

8^/10

bootkit discovery evasion persistence
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitpersistence

© 2018-2025

Terms | Privacy