Overview

overview

8

Static

static

1

GWSetup.exe

windows7-x64

8

GWSetup.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gw.zip

  • Size

    3.8MB

  • Sample

    230316-gknzrahc32

  • MD5

    b005ff92fff616b4328a719a73d69639

  • SHA1

    dfce863b4fa2351343703219bdc7a230c9741839

  • SHA256

    2dc7c602294fa5441e9995c2e8ecfd6caa6fd4dba6a76b15d409f5e8a4d4ac87

  • SHA512

    d7c718e3553d895dcf01eb13530c0659ddca77df85fe851c4dd7ee878cec62304861e6c5cc92e7c4a88f3d95e5322e546632fa709e274af0731b3137e4c94ce6

  • SSDEEP

    98304:RCShume0wAyc7fUbef/isc0G7BKoRRf7/Zv0ozR1Orq:RCShcO5/iaG7BK0t72grOO

Score
8/10
adwarediscoverypersistencestealer

Malware Config

Targets

    • Target

      GWSetup.exe

    • Size

      3.8MB

    • MD5

      8f839eb818419e2dd9f1cf17112ae04e

    • SHA1

      851befe0e6182ab117131d9cbf0b7ebf1e168b2f

    • SHA256

      866ffae3f045e05b9847d16463571c7ccf243b6e4deac3b4f8ee7ace094a5b9f

    • SHA512

      8d0f513e23c4eb9b1296a61e4d13fdb4f232ee2d8a0188fc5f68b5583aacb3631ec8e3593c139c817affd566f54c078882851b7c3549f328c34d22fe4aa06119

    • SSDEEP

      98304:j9/NV2Uvj+lyF7M2F/jVfAlSKCbmLqk/Uzgbk9OC3pPbCluuVJO:5n2ki6Ye+zpAXNZPmluuu

    Score
    8/10
    adwarediscoverypersistencestealer

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks