General

Target: Geometry Dash_8wYgl-1.exe
Size: 13.8MB
Sample: 230914-gx786ace77
MD5: 98f37b09dadc616079b92a6c5afdd066
SHA1: b55932b9c10046cfccde0210d5da29f3e5b2afb9
SHA256: 1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
SHA512: 6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
SSDEEP: 196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU
Static task: static1
Behavioral task: behavioral1
  Sample: Geometry Dash_8wYgl-1.exe
  Resource: win10v2004-20230831-en
Malware Config

Targets

Target: Geometry Dash_8wYgl-1.exe
Size: 13.8MB
MD5: 98f37b09dadc616079b92a6c5afdd066
SHA1: b55932b9c10046cfccde0210d5da29f3e5b2afb9
SHA256: 1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
SHA512: 6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
SSDEEP: 196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU

Signatures:
  Cobalt Strike reflective loader
    Detects the reflective loader used by Cobalt Strike.
  CoreEntity .NET Packer
    A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
  Creates new service(s)
  Downloads MZ/PE file
  Drops file in Drivers directory
  Modifies Windows Firewall
  Adds Run key to start application
  Checks for any installed AV software in registry
  AutoIT Executable
    AutoIT scripts compiled to PE executables.
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)