General
-
Target
GodMode9-v2.1.1-20220322194259.zip
-
Size
2.5MB
-
Sample
230401-s9rbysba39
-
MD5
b63528fb75da0e9e5ea042dd8608610a
-
SHA1
86357bf32d32aaab48d28d331a0798aa377ba258
-
SHA256
2f0b8c5ea4e7923690e4c4424621c2f00cc40d3c62790a2389addc5ea8ba14a8
-
SHA512
d6516e0afceaa02a658b0501b1a0a15b6275dab9d5036ba37569e39995c90011f8356bb1b01a5dec690ee267c4c605326d45a272698b21150b75b3b183a89a4a
-
SSDEEP
49152:qpkeq3BQEHQK2XdU1qb2gXebJymkktaibGHJ/MlCJ5ewJ3D7IM+39D:Skeqx9QLdUU6gXuymkkbMTB33p+3J
Static task
static1
Behavioral task
behavioral1
Sample
GodMode9-v2.1.1-20220322194259.zip
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
GodMode9-v2.1.1-20220322194259.zip
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
GodMode9.firm
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
GodMode9.firm
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
GodMode9.firm.sha
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
GodMode9.firm.sha
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
GodMode9_dev.firm
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
GodMode9_dev.firm
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
GodMode9_dev.firm.sha
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
GodMode9_dev.firm.sha
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
README.md
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
README.md
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
gm9/scripts/GM9Megascript.ps1
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
gm9/scripts/GM9Megascript.ps1
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
gm9/scripts/NANDManager.gm9
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
gm9/scripts/NANDManager.gm9
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
ntrboot/GodMode9_ntr.firm
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
ntrboot/GodMode9_ntr.firm
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
ntrboot/GodMode9_ntr.firm.sha
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
ntrboot/GodMode9_ntr.firm.sha
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
ntrboot/GodMode9_ntr_dev.firm
Resource
win7-20230220-en
Behavioral task
behavioral22
Sample
ntrboot/GodMode9_ntr_dev.firm
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
ntrboot/GodMode9_ntr_dev.firm.sha
Resource
win7-20230220-en
Behavioral task
behavioral24
Sample
ntrboot/GodMode9_ntr_dev.firm.sha
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
sample/HelloBranching.vbs
Resource
win7-20230220-en
Behavioral task
behavioral26
Sample
sample/HelloBranching.vbs
Resource
win10v2004-20230220-en
Behavioral task
behavioral27
Sample
sample/HelloScript.vbs
Resource
win7-20230220-en
Behavioral task
behavioral28
Sample
sample/HelloScript.vbs
Resource
win10v2004-20230220-en
Behavioral task
behavioral29
Sample
sample/HelloSpaghetti.vbs
Resource
win7-20230220-en
Behavioral task
behavioral30
Sample
sample/HelloSpaghetti.vbs
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
GodMode9-v2.1.1-20220322194259.zip
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
-
-
Target
GodMode9.firm
-
Size
448KB
-
MD5
e178318d5cf7ca96edcff7fa9b0b9936
-
SHA1
e0c61084a8aa421dee81f4e815f3d414fbaf67da
-
SHA256
e398dfa929582e12861a3e90d8e8f435e5deb1d7d27a4cd9dc13057f3a9173ec
-
SHA512
98a494da7da4bf8a487c640cf4fbb5b27f03bc0302becfd69431d1adedcd263552e86108fd6f1836e9a8af678de501ff3a9a7eb944b102f6436a677fb465aaa5
-
SSDEEP
12288:AiB7SvN1M/euF4c35pjRm1C3xKobiFqxPP1wpTpKSI:XBUv0b35kkK3FqxPP1K7
Score
3/10
-
-
Target
GodMode9.firm.sha
-
Size
32B
-
MD5
1d01fd0b33402e5ff44edebe9bd58614
-
SHA1
16f90b74c587b40c57e378e9c9c6f75edd3a7fdb
-
SHA256
de7339b5b21862877008d60e7816c9b0fb6d45aa5b6acfb713e6b0283536cc17
-
SHA512
b8d845231b6eea4c18f24ae17abe57c4d4aa73e2829506b7bf68070e9cd71cd446f3b227105b223ad1538454250f548c4b75892250a65055cf4b969a57c6ae66
Score
8/10
-
Disables Task Manager via registry modification
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
GodMode9_dev.firm
-
Size
448KB
-
MD5
23c0cdb57c54d803fe0ca838a4cff24a
-
SHA1
0520d7bb47cb3698536837af96dc71267712a578
-
SHA256
3ec182db894d7159ddaaa6cb68a61626fd014af06ca81633891626e9c356296a
-
SHA512
067c99569a3498cf73e400115cd9fd1a70e0cf839f5b7231e2dac1f0fff536e48847c8cca6ee212746b03ca33f1a560e2f49923f432067fc2a0179873592faa2
-
SSDEEP
12288:iiB7SvN1M/euF4c35pjRm1C3xKobiFqxPP1wpTpKSI:NBUv0b35kkK3FqxPP1K7
Score
3/10
-
-
Target
GodMode9_dev.firm.sha
-
Size
32B
-
MD5
0083a4ca0c6c9563365ae589875808e7
-
SHA1
70f9d5aed9a5fc59138e27af281ab63642c818e9
-
SHA256
e5016cc97807aca8137c9e9f70c3e23f4305b4f14dd7d0603b3a852311f8833f
-
SHA512
433b60bd929b98962f70b38b965328a1c4822e4faf9bd5ad986f170a20239c79f8e925c49d4894a669fd6f44921d1f95bd32b1411ce2d7a5ffb8aafa442b4ce6
Score
3/10
-
-
Target
README.md
-
Size
33KB
-
MD5
56d516a0b8b08c2c3ffc831cc1333150
-
SHA1
b0ddb188ec55d3ef4e95bcfa017d813581b5853c
-
SHA256
ee2c5bd769e09ea9550ac5a99067a4150de3b88741dda74a96cdf4951c337581
-
SHA512
001c3cac3094edfdb208b04f7320446da3cca3ba742e6a9873d1b2ee7a67144db033b5e71ef4a64dde44f5077bc8d3263e5ad57824290c0a2f23b38704097494
-
SSDEEP
384:IbZA6aciT2ygr91ckRrMm6993sp28SduGYIP5/oDMaGbIlj8gSSIFfPLGOhzhrt4:8bqnD8pIPVuG4QgohVhzhrSBIq43sL
Score
3/10
-
-
Target
gm9/scripts/GM9Megascript.gm9
-
Size
64KB
-
MD5
5d71540b08e49fa853c1d907d33b0028
-
SHA1
743c462ae0df9975a10466bc019715b050c493c7
-
SHA256
ec6de66be12908f1504e42b27f74de4f874409cd98d5dc8c18c1d5e7ff415c17
-
SHA512
c3c34230d56ac751fdd3b01463a4bc51e97dc07ae20d0b60808dd5f0ae79405d078b8a1164bcb96ac28a5c6b9cd8443e563721fd1bf590ed91546361650ed61c
-
SSDEEP
1536:ZWCwM89wyFJBYG3LN5a4pjJOvBxMZifZyOKD+S:Z1wMtxMZi4
Score
1/10
-
-
Target
gm9/scripts/NANDManager.gm9
-
Size
6KB
-
MD5
b6479f2cd61e2adae8816a5048e6c521
-
SHA1
a6f2989d765887f546a7880feaee7c1a6a9d1f63
-
SHA256
3000e146241e477588ee0566e40e987aa6f1f5e0d19e1bd152eb63d62dfb8c1e
-
SHA512
1a33eb5acc926a0da9c54ba2470b61154bba1b23f5aca247bfcd93160dbd2306eaeeec3be0a14d83ac024d665943821c68fdb8e26c35e1dedaae5b10c447ca11
-
SSDEEP
96:z5LUmITU2iXAwpaPa7606OfAl9JrZJhb4LK7IS2xaqwF:ztUm2U2iXhvSwA97nbG8t2V8
Score
3/10
-
-
Target
ntrboot/GodMode9_ntr.firm
-
Size
522KB
-
MD5
8f61eb8dafe9e050be450be4cefab9ef
-
SHA1
1b155ce46d0dec3ff556c9060ce5d654ebb2212a
-
SHA256
1511e905f63e21f182d8c611eef8f409650d442e1c4c43df487576fe92316d86
-
SHA512
6abf7a7b61af57a4352d4651b161e2b000a7f7462ffd9d33bb13163fc1af4684800fb9c863da9a02f2a24eedc0f89396c1ed4d3211ce71956dcbb4b5bbf95c54
-
SSDEEP
12288:cKCzVEJiY3YpMVllfvg6x1QBfLPwVni3O4ylpqEMD:cK6VaiY3YGflf47MVn34ylpqEMD
Score
3/10
-
-
Target
ntrboot/GodMode9_ntr.firm.sha
-
Size
32B
-
MD5
458675f53d327698cd7c0850b4bbba95
-
SHA1
ced5dd6f14a65ff5680c9b981865ee0eb6d82398
-
SHA256
299b011d7c2f839ddef0400e1e40fbe6321e03448655f1e5b9c97dc763f6d84c
-
SHA512
ee47c732c0a9abce39067b098b82177cfb35509129bb98229e87a6cf7f4f4f28f645a879c88f67a9f653a813a29b0403ca768198e7f8df05ae94834836c4d482
Score
3/10
-
-
Target
ntrboot/GodMode9_ntr_dev.firm
-
Size
522KB
-
MD5
18ae8b01b5e0a2a43185f4092ec1ffd3
-
SHA1
afc83d466513dd293155b7f197a29ee54d63d8ba
-
SHA256
42e30b285db1ce2023aed1e9862994eff9c14b3f56a8e37c6de6f5aeeaa121a5
-
SHA512
620fe65f3d9623bd8b5fcadc71e384bed1f9cb93169e272031999557977b60f80ec8a1917d5e5e6e1002e374440f5854c2a35154310ac4bd08d62f2bf6923c43
-
SSDEEP
12288:JD8AKg32PhGQakewQMR3koxtLSdUtSo8Fg+gFhi2NiF3fpRuxH:tlx2PhJakewJ3D73YM+2hiHF3Xuh
Score
3/10
-
-
Target
ntrboot/GodMode9_ntr_dev.firm.sha
-
Size
32B
-
MD5
69e33f756730d351f312182feadcf36e
-
SHA1
371287c9152c5193f0313c65cc9208b4e5c37652
-
SHA256
1c450fc4860528aff76159b4353f01d572205bc46a98735a67cac84be76c9420
-
SHA512
9ba894e0118c54ccb421620a89a2f63e2c40e356ee67516bb49bf63da8d10000f8c3ca6ca0fa8f18eaa9bd6a877593af336ddfa86323419ef99232cb27133ec3
Score
3/10
-
-
Target
sample/HelloBranching.gm9
-
Size
7KB
-
MD5
f423d2e3850c2ac67b4ca08dd536320a
-
SHA1
24103d118d6104e1b82a6f6affad40fae163c80f
-
SHA256
7208a693bbd18203f1ab05f33a90a9c0577b2f4d1bd7ccaaab34d20213c5cef5
-
SHA512
63c32c4c48c12aac4403068388ea3236e47f1b88df0a76550cc4d044783bcaa68d36c0fab8c4553fab4a070a8b273670b418fdaf5028ae873bbe36e82e9adc9f
-
SSDEEP
96:0GjdVQHIEVCqDSctGAFWBoXSsQJjVw42EYEOaoZuVxfCo/QLxJ3GrCiNvn25wG7+:JjdfEMqpTkB9sANmEmCpCeQdJECiF2yZ
Score
1/10
-
-
Target
sample/HelloScript.gm9
-
Size
15KB
-
MD5
aea0bd0a28b16f9aade0dc60470bc856
-
SHA1
b4d9c2331e92afc3bd31f0e344fc6abe5e453fe7
-
SHA256
e51cd1d080a21719ed5dd301dc5e2260090533992f42e0b36f0e53f65ac966e3
-
SHA512
532d3455c26ed9f4407be0f2d9288092b004ea8a2478cd10834e1928e70363fd4d5d3fabc3f8e48c418fe57dd0ba7210e09bf37bce289f5c87c1c729f2118ce4
-
SSDEEP
384:V2RWbmdR2oOgZ5tsvmONgDvF7Vd+aMvuV+Gjazbbmp:ViomZOUoWBV1MmV+Dbbmp
Score
1/10
-
-
Target
sample/HelloSpaghetti.gm9
-
Size
2KB
-
MD5
e59b51c37f67c8288ad7c720bcb23739
-
SHA1
ad46538abe57c9d286da592c88af5b24c2e322fa
-
SHA256
45b2ae43f150bc8d78cd1ea8ccab58ab35c1b4055b769558edbb769a38bf7d5f
-
SHA512
f1af150c490f19534c668b00efa2987a0e3eaacde04ba481502adb5997e6793c5ec28bc94deb30a6dd33cdbecda108447656652a3fd234190d330c1d1673d318
Score
1/10