c5ffa67d268d7ff6730eefcb92da17234d3b48f495285522497827866eb8bb7c | Triage

Submit
Reports

Overview

overview

8

Static

static

7

GOG_Galaxy_2.0.exe

windows7-x64

7

GOG_Galaxy_2.0.exe

windows10-2004-x64

8

Sharing

General

Target

GOG_Galaxy_2.0.exe
Size

960KB
Sample

231112-shw35age4w
MD5

4e310b3c8eb5fbf369859134863a5cdf
SHA1

4fed7e59415195fc0a2d1a88e8e80e65ed0a7127
SHA256

c5ffa67d268d7ff6730eefcb92da17234d3b48f495285522497827866eb8bb7c
SHA512

33f1a1c62d7d81e4ccad811f2dd90b064236dd2e5bce9e0f5f5d8b3d912c7738e716dfba0484b353a921d7d62e56a8f4b45eafc358c3579c96057c295b0d050b
SSDEEP

12288:T27p5j8DPeuUSFHqLV+JjY4UW61O4RAxDleFbWQCQTFgSYyAzB+Q/uLnK3:T27EDFHqLy826My+QiyGJyAV+muLK3

Score

8^/10

discovery evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GOG_Galaxy_2.0.exe

Resource

win7-20231020-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

GOG_Galaxy_2.0.exe

Resource

win10v2004-20231025-en

discovery evasion persistence trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  GOG_Galaxy_2.0.exe
- Size
  
  960KB
- MD5
  
  4e310b3c8eb5fbf369859134863a5cdf
- SHA1
  
  4fed7e59415195fc0a2d1a88e8e80e65ed0a7127
- SHA256
  
  c5ffa67d268d7ff6730eefcb92da17234d3b48f495285522497827866eb8bb7c
- SHA512
  
  33f1a1c62d7d81e4ccad811f2dd90b064236dd2e5bce9e0f5f5d8b3d912c7738e716dfba0484b353a921d7d62e56a8f4b45eafc358c3579c96057c295b0d050b
- SSDEEP
  
  12288:T27p5j8DPeuUSFHqLV+JjY4UW61O4RAxDleFbWQCQTFgSYyAzB+Q/uLnK3:T27EDFHqLy826My+QiyGJyAV+muLK3
Score

8^/10

upx discovery evasion persistence trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy