General

Target: ggpermv3_1.rar
Size: 1.0MB
Sample: 240322-atdrtaff4z
MD5: bb1e6fbfaddfd169ea2759cf5c6fed7b
SHA1: ee6e26bf37cc248bd6c17232b931acc710f24de5
SHA256: 15ba48e43afbe0d0ba05d7befbfd4073c459d3335280c5885ecd2cb9f07b7970
SHA512: 338a707e4f647093e1468cfac934b7fad1e1608c767364a89b9b85c3f093b162485a8f31819644a863bed70c8d5aa0fadcccf5419c5e8a609989983b444de431
SSDEEP: 24576:e/zhFNfCWngFSN+6ev8ypq5uKxERbdZlL:IxvngFS4KyEylL
Static task: static1

Behavioral tasks (task: sample, resource)
behavioral1: ggpermv3_1.rar, win10-20240221-en
behavioral2: READ ME!!!!.txt, win10-20240221-en
behavioral3: ggpermV3/AMIDEWINx64.exe, win10-20240221-en
behavioral4: ggpermV3/Final_Cleaner.bat, win10-20240221-en
behavioral5: ggpermV3/Newtonsoft.Json.dll, win10-20240221-en
behavioral6: ggpermV3/Siticone.UI.dll, win10-20240214-en
behavioral7: ggpermV3/Trinity Cleaner.exe, win10-20240221-en
behavioral8: ggpermV3/amifldrv64.sys, win10-20240221-en
behavioral9: ggpermV3/ggpermV3 - Acceso directo.lnk, win10-20240221-en
behavioral10: ggpermV3/ggpermV3.exe, win10-20240221-en
behavioral11: ggpermV3/macchanger.bat, win10-20240221-en
behavioral12: ggpermV3/sxghr-driver.exe, win10-20240214-en
behavioral13: ggpermV3/sxghr-driver.exe, win10-20240221-en
behavioral14: ggpermV3/sxghr-driver.pdb, win10-20240319-en
behavioral15: ggpermV3/sxghr-driver.runtimeconfig.json, win10-20240221-en
behavioral16: ggpermV3/woof.bat, win10-20240221-en
Malware Config
Targets

Target: ggpermv3_1.rar
Size: 1.0MB
Hashes: as listed under General above
Score: 7/10
Signatures:
- Executes dropped EXE

Target: READ ME!!!!.txt
Size: 129B
MD5: bda490f8e0a1578ebdb6ff542bc2d653
SHA1: 6b7cb0aa8d3894545928941697ebde01b8e416e3
SHA256: 92ff2b395f9d0e4f4e7ac1bb3b6ffe3cd166f39dff2a73b52060e8a34a460848
SHA512: 479589c1fb67844aa7cc5bfc003ce69ef093dc91cdc32b33d3bbde3e6e68c8803ecf72ad4b555ebe435f9451e2ab6ea983bf7cf90ce0474e5a7922fc8d7372b4
Score: 1/10

Target: ggpermV3/AMIDEWINx64.EXE
Size: 453KB
MD5: 6a6505b2413d2c7b16c6d059448db9e5
SHA1: dfe6c6b6051c26326a12dc9d0d5701cb4728266c
SHA256: 53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955
SHA512: 1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3
SSDEEP: 6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z
Score: 1/10

Target: ggpermV3/Final_Cleaner.bat
Size: 107KB
MD5: 98f1a0eebcb5f4798662a40323b05a7e
SHA1: 068e288005c04b8d859c44d3767613a8036bdb11
SHA256: 00023ce602db623e47de1029595339eec4ee5019c6017236c9b721cac0ae4032
SHA512: 6cfda16ce56b1173b91bd86c0f977f022a0b01a77142a15f66d865ee3f00ffee6aa2df7571edcccac41f7d680a9c4c536991abd91e86a00b083b8f9f37a39cf7
SSDEEP: 768:S/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjLgwJyo:Kg8gUDRnvplQL5LvLpLjLnn
Score: 1/10

Target: ggpermV3/Newtonsoft.Json.dll
Size: 695KB
MD5: 195ffb7167db3219b217c4fd439eedd6
SHA1: 1e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256: e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA512: 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
SSDEEP: 12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score: 1/10

Target: ggpermV3/Siticone.UI.dll
Size: 1.3MB
MD5: 750c58af2e56b6addecffcf152520ab8
SHA1: 14995e7f1d12498606d9d209d78d55fe6fd87802
SHA256: 27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
SHA512: 2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
SSDEEP: 24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score: 1/10

Target: ggpermV3/Trinity Cleaner.exe
Size: 752KB
MD5: 5ff39c44ff3eaf7798bffa670fb4b600
SHA1: cd22cc93964fdeb470460642c44fd4ce31f3bf1e
SHA256: fd5d49ac3a9a4130261f43ef6e6c9c6a4a317e7ba421f88e22e0fbe96fd45429
SHA512: 6ec8f1e38d78a773f8b0764f7aa5d8902c8c556a2583bdf62b6485e093c8a193b5965e3d908abe60d80b0fc690e2def7721aa896f14f6e77c80f72aa11fa3878
SSDEEP: 12288:FBTyBtZmiNYQtIFc5oiJfJulj1CBMeIFjKuQdGhSaApNrWSvUghmjpoVb3/k2JP:eBtZicIFc5oiJfJulj1CBMeIFjKuQdGP
Signatures:
- Stops running service(s)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)

Target: ggpermV3/amifldrv64.sys
Size: 18KB
MD5: 785045f8b25cd2e937ddc6b09debe01a
SHA1: 029c678674f482ababe8bbfdb93152392457109d
SHA256: 37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
SHA512: 40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
SSDEEP: 384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score: 1/10

Target: ggpermV3/ggpermV3 - Acceso directo.lnk
Size: 1KB
MD5: 5c38f8ff26159636728fa620a07eb5f3
SHA1: f1a901f597849916c93598279d7a648070751771
SHA256: 1e915274b105e858d0f63ff2273c46791828dd65694c92b8f0f60f9c82bf3ab0
SHA512: 260a90915f39ee7c00ac0f7a8391c282f318b0932c0e49dac975bd5ea43f9b46537e0c67449cc50cce89e62efcf411af768b305ee391eeca9f566277e360b3dd
Score: 3/10

Target: ggpermV3/ggpermV3.exe
Size: 62KB
MD5: eac37455baace3357722d2bc5cf40be9
SHA1: bfbb2b0f876a0784e5a0d78b7981b27254c0a766
SHA256: e333b29fa06d2138c9a4c634fde1fe4212bd2a027c0175008001c8af60d34053
SHA512: 78065623e0bafa450e49c91b700da3a31536033d005a6d20126cc886bc1075788a4e5d5f7b689b47c4eea01f58f797e696f06038dd967b6143d07204048ad067
SSDEEP: 1536:eh4f8xsBb7KAMFYieXfRc/onjx6FXs+ceAP5w:bBbnRJfROqwFcZbP5w
Score: 8/10
Signatures:
- Stops running service(s)
- Legitimate hosting services abused for malware hosting/C2

Target: ggpermV3/macchanger.bat
Size: 2KB
MD5: c0b8d81370dd4defc9317dc6c204d581
SHA1: fa2b6a292c398d2a2febbdddcf39a62ffbb6fb23
SHA256: 4d8d40a7e435fc815d088d7309a6bece3a9d798b4fb8170ca3d9c4c7c8c6784f
SHA512: 271552179a651414d8b321017a8675a1cd09ac83394cc014453d28f1837b60db657b1d75362af71d075b1f4e33ac5eedf6556a43709589a6159c4d0ef2d00828
Score: 1/10

Target: ggpermV3/sxghr-driver.dll
Size: 5KB
MD5: 7941cb95d1182b91c1128ecaa566f22c
SHA1: cf2e82d486ec7364515e34561ac2e1b5c457b8c5
SHA256: 70d8f0ce3cb2651052a628564e2ce0d715822fad141273c65892cd5515bc7741
SHA512: 89b9f7ed06a562a84f98c51541fa98661222be1b3deb638c3b83aa44150749b668c9e2f1b74d8f5010ea1085d3e64f8e1257e32b5a33dcb08eb182ddc58721d7
SSDEEP: 48:6Ksdk+U/8KC01Jf/pujgRPVTlMdSHj+cFRKwZaQ7KcmFxeJ6+XtXKXBlagc1w7lQ:L0jgV4da++RKwZaAKzFWTsGa80pzNt
Score: 1/10

Target: ggpermV3/sxghr-driver.exe
Size: 137KB
MD5: 84c83f1f50bed460d9bd13fa4d83304b
SHA1: e4c17ffcc97654efa537310f81702d922b3101f3
SHA256: a89fcdf02e9d587c2c00cbfa5efada6b308f62d7d8a296f7a1cfc8c4991de375
SHA512: 4d19b7c31265507c7962a45c2babd266bd8dceae4e9d3cd3c9359083c066a77028158790f3f14cbb22a46ec90d754efa6fa811774b330f6910b7e5576335c289
SSDEEP: 3072:1efQZKfOC31VwyY9egNtfNjJvjmqqF7Hb/LMm5MqDC:1DewyY9egLRePYm5B
Score: 1/10

Target: ggpermV3/sxghr-driver.pdb
Size: 10KB
MD5: 9b122b1efed93be7e460b73c527f3ef7
SHA1: d3f19a9f4ae85b6786e4c20afd69f3fd2e70ca20
SHA256: 2947c85cd0c1630c6cc1b1d193655d5102a737cf4fe82114cb18e8180a528adc
SHA512: 06eabb565eb0914528ca9f87305f23779fa1f84f4907f0c90e4436d2e6122d5049d90442ddb23ae66f6aba4fcab84d09c84971d576a06663ebafab3594e395c2
SSDEEP: 192:E4MQLy/cXKwBDAaNsWnBIZyzu6NFbc8kkzxt+9Jfu8S5Su1DA5kHvfBqZuDKetG8:hsHwBDAaNseBIZyzu6Tc8kkzObfu8jZq
Score: 3/10

Target: ggpermV3/sxghr-driver.runtimeconfig.json
Size: 268B
MD5: 9fcdf880f73e74cf6347f8194b9f3509
SHA1: ab571c7ed4920129c89c7e083f3c9f22597198bc
SHA256: 162d81f468bec570ec15e527433f4de5d5729ffe338ab79b22671f38760d34bd
SHA512: 23ea2a78914aeec443bded1e6dddb1fce61f0445c53e0428e97353dcc25e9ee80a98603069de336d57c1d12b00eb14ad59847137387df330a3925bd763f4fde1
Score: 3/10

Target: ggpermV3/woof.bat
Size: 1KB
MD5: 9dfe4e730dcc5e0d3951038ad2a095a1
SHA1: e033d9a40234b9544606ec4d603add264cb38841
SHA256: bfffd2faf6710e02912de0eec63b593f35a8bebef114932b4a4bc9c67fad59b8
SHA512: 297e9950fd207687af957a94c5fb7d073bb89dcebdd6ee047fa0465f55bb95b42563c7310980bf1e41ca671a1f8c824e86dfe515b844f99f307965d199d8dbfd
Score: 8/10
Signatures:
- Stops running service(s)
- Drops file in System32 directory