General

  • Target

    new-order-PO21019612_pdf.zip

  • Size

    292KB

  • Sample

    230327-vd3ffsgd7x

  • MD5

    b63ae78811be4eae8029f9fb4e7fcd97

  • SHA1

    6bc00df660e50b78e2605a132b055d529def4ca8

  • SHA256

    68865948019b62922ee525a02afd575fbfb8bbd6b30587c795b94f9b3e584c12

  • SHA512

    4ff0db41fdee4631edbd9f593e64135ebc2cde1dc03f7b1778099badf62c4dd72c43421f097d105627b6c641f28f5d70ac7c8813bf31ef82b844e544ad430f5f

  • SSDEEP

    6144:jyEq+hjpLuqtv307I3JtkOZucv5Xd9Cpb7ymm9djM6a:xq2jpLuqtv3cI3JtR/5XnqPW9dwD

Score
8/10

Malware Config

Targets

    • Target

      ggguy.exe

    • Size

      305KB

    • MD5

      f1bb45d101bb09df8eeab91ec09bf8ee

    • SHA1

      64e29712f8a927634fdb31069917850dc04ab164

    • SHA256

      39e0ea6c750d6eb51c422e989ddbe3c19047c285256d882da9027ca564fe02da

    • SHA512

      db08c967c5237bc034bca292abd055fe7a8175ea00a432369cbf013197ebd25bd974a3c842c56eb69f847cb64c272c333dd4e97593586431b61af5260795615b

    • SSDEEP

      6144:/Ya6jXhwILuqtH307I3DtkOZuov5XdxCpbDymmKdjM6z:/YRRDLuqtH3cI3DtRl5XnqfWKdw8

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks