General

Target: GlassWireSetup.exe
Size: 66.0MB
Sample: 230206-1jn3xaga37
MD5: cbdff02625ef580bf509b60832bf06c3
SHA1: fd3ce416b3d8e4ce1af8b310a89e2ef58d25c263
SHA256: cc6174aa776a0b1bc29c8a466de095e281cc9a238dee7363196dbbdbb7bb2873
SHA512: 4c2e645780466e58015e678c3dbd2041cdd39089d50d2afe7c250b5aa813023ff2b23a57cc0fe31986e4fb0f50f374feb5b45315e47da144f74875341a1f3964
SSDEEP: 1572864:uHAyCN598RzIxTnHF7d1pXTygI9hbl0rcmjXFcI9BKvBiSVwzfZf4:ugJyoTHz1ByV1Sr3FcIXiALzW
Static task: static1
Behavioral task: behavioral1
  Sample: GlassWireSetup.exe
  Resource: win7-20221111-en
Malware Config
Targets
Target: GlassWireSetup.exe
Score: 9/10

The signatures below describe observed behaviour, not a verdict. Anti-VM and anti-debug checks, driver drops and Run-key persistence are also typical of commercial installers that ship a kernel driver and licensing protection, so compare the hashes above with the installer the vendor distributes before treating the sample as malicious.

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes its OEM identifier in the guest's ACPI tables, which Windows mirrors into the registry; reading those entries is a common virtual-machine check.
- Drops file in Drivers directory
  Writes into the system's Drivers directory, where an installer places a kernel driver.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  Registers a Run key so the application starts at logon (persistence).
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from reporting debug events to an attached debugger; a common anti-debugging technique.
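To show how the signatures above are derived from a behavioural trace, here is an added example (not Hatching Triage's rule set and not part of this report): a small matcher that replays registry and API events against one rule per signature. The trace line format, the event lines and the registry paths the rules key on are assumptions of this example; the paths are the well-known locations these checks use, but the report does not list the keys the sample actually touched.

```python
"""Re-derive sandbox signatures from a registry/API trace.

Added example, not Triage's own rules. Trace format is assumed to be one
"<pid> <op> <target>" record per line, where op is query/enum/set/open for
registry access and call for a native API call.
"""
import re
from collections import defaultdict

# One rule per signature: (operations it applies to, regex on the target).
# Registry paths are assumptions: the well-known locations these checks use.
RULES = {
    "Identifies VirtualBox via ACPI registry values": (
        {"query", "open"},
        re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    ),
    "Checks BIOS information in registry": (
        {"query"},
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)$", re.I),
    ),
    "Checks computer location settings": (
        {"query"},
        re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Adds Run key to start application": (
        {"set"},  # only a write to the Run key is persistence; a read is not
        re.compile(r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I),
    ),
    "Checks installed software on the system": (
        {"enum", "query", "open"},
        re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I),
    ),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        {"call"},  # ThreadHideFromDebugger is information class 0x11
        re.compile(r"^NtSetInformationThread\(.*\bThreadInformationClass=0x11\b", re.I),
    ),
}

# Signatures that are evasion checks rather than installer housekeeping.
ANTI_ANALYSIS = {
    "Identifies VirtualBox via ACPI registry values",
    "Checks BIOS information in registry",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
}

# Constructed trace for illustration; not events recorded from the sample.
SAMPLE_TRACE = r"""
4120 query HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
4120 query HKLM\HARDWARE\ACPI\DSDT\VBOX__
4120 query HKCU\Control Panel\International\Geo\Nation
4120 enum HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2C3D4-0000-0000-0000-000000000001}
4120 set HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GlassWire
4120 call NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x11)
4120 query HKCU\Software\Example\Settings\Theme
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<target>.+?)\s*$")


def parse_trace(trace):
    """Yield (pid, op, target) tuples; blank or malformed lines are skipped."""
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m["pid"]), m["op"].lower(), m["target"]


def match_signatures(trace):
    """Return {signature name: [targets that triggered it]} for a trace."""
    hits = defaultdict(list)
    for _pid, op, target in parse_trace(trace):
        for name, (ops, pattern) in RULES.items():
            if op in ops and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


def anti_analysis_count(hits):
    """Number of fired signatures that are sandbox or debugger evasion checks."""
    return sum(1 for name in hits if name in ANTI_ANALYSIS)


if __name__ == "__main__":
    fired = match_signatures(SAMPLE_TRACE)
    for name, targets in fired.items():
        print(name)
        for t in targets:
            print("    " + t)
    print(f"anti-analysis signatures: {anti_analysis_count(fired)} of {len(fired)}")
```

The operation set on each rule is what keeps the signature honest: a read of the Run key is ordinary settings discovery, only a write is persistence, and the Uninstall rule matches any access because enumeration is the behaviour being flagged. A real trace from the sandbox would replace SAMPLE_TRACE; the rules themselves do not change.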