General
- Target: GLP_installer_900222462_com.kiloo.subwaysurf.exe
- Size: 3.7MB
- Sample: 230805-hcydwscb9w
- MD5: 487947f9873317626c31defefb3fc668
- SHA1: 54397b4bdcec5dcc62e3156320102acecbfce3c3
- SHA256: 8be3cccb9fad3a2d11c8b4748c76801d5234b4c322710ac7523bab7ba09d65c0
- SHA512: 79852e5f4414769083da898eaa5c8e161b80589ac7f85529c87211575194ab8faf26abd17071becef89a15649c4293e6a775489e6bb99657df1f813cd901318e
- SSDEEP: 49152:E08OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRknm7LBs:E08vdsGaQNgS1C6eenZAlqb

Static task
- static1

Behavioral task
- behavioral1
- Sample: GLP_installer_900222462_com.kiloo.subwaysurf.exe
- Resource: win10-20230703-en
Malware Config

Targets
- Target: GLP_installer_900222462_com.kiloo.subwaysurf.exe (3.7MB; same hashes as listed under General)
Score: 9/10

- Renames multiple (83) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory