2036682407dda8886713645492e16afb90d16c73929ba96fe4d82db36477681b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

GLP_instal...et.exe

windows7-x64

8

GLP_instal...et.exe

windows10-2004-x64

7

Sharing

General

Target

GLP_installer_900223086_market.exe
Size

3.6MB
Sample

230331-wrw19sdf5v
MD5

5cdefa6986666fc708854285807d9be0
SHA1

0d716cd667bca72c800b605c5cb9e9a0d0343553
SHA256

2036682407dda8886713645492e16afb90d16c73929ba96fe4d82db36477681b
SHA512

aaf2e3933652b3f9b03a75650b377a44db97955ed49fc11d9d618ddac8d4c8198c388dd142262960cafb159d3e581139025a7969f2f16a8591afd04510673511
SSDEEP

49152:H08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBj:H08vdsGaQNgS1C6e6ngKpq/

Score

8^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

GLP_installer_900223086_market.exe

Resource

win7-20230220-en

bootkit discovery evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

GLP_installer_900223086_market.exe

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  GLP_installer_900223086_market.exe
- Size
  
  3.6MB
- MD5
  
  5cdefa6986666fc708854285807d9be0
- SHA1
  
  0d716cd667bca72c800b605c5cb9e9a0d0343553
- SHA256
  
  2036682407dda8886713645492e16afb90d16c73929ba96fe4d82db36477681b
- SHA512
  
  aaf2e3933652b3f9b03a75650b377a44db97955ed49fc11d9d618ddac8d4c8198c388dd142262960cafb159d3e581139025a7969f2f16a8591afd04510673511
- SSDEEP
  
  49152:H08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBj:H08vdsGaQNgS1C6e6ngKpq/
Score

8^/10

bootkit discovery evasion persistence
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy