General
-
Target
GMScraper Setup.exe
-
Size
6.3MB
-
Sample
230321-d5r1csgf82
-
MD5
35e2983ce8875de8150a7b5f3c1e66cb
-
SHA1
4e73eee236402f1f71275b0a3174e1f76fa6a04e
-
SHA256
f203502e2184b760cf630337cd2406ca90d08b091d12289174d2f9b2a7825b1b
-
SHA512
b757727c53683ae2a855931bc05060041f493f4b70bf54610cd1f4af9fc3aacdccc336bd962f9d51033a1c93091d8188eabd6dfb6debd800bfe4097d61ed5de8
-
SSDEEP
98304:7kL1rioQlVhO0t96QkUT3mhtS62JiQQFQDuaOSdzywVCvZB7MPO+3TMB17:w1uoQlG0tPiRi7QFLzSdxVQZWB4n7
Static task
static1
Malware Config
Targets
-
Target
GMScraper Setup.exe
-
Detected phishing page
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.