General
Target: Goblin Free Permanent Woofer V2.0.rar
Size: 376KB
Sample: 240412-2phczsae3y
MD5: 4882f98ad0850be7c70ec19dac46d044
SHA1: 09c2f13897a1764032b48c98cd00bd3bf5fafb34
SHA256: f89faa5364df8789f137338ca55375693a2c18516fa0f28d85f61958ff4e4d50
SHA512: e6f17ce27d5f74b18564bdbad350b791893a6ff92956f0320e317023e6ed1e6eb917708ae78bf8a3fd38d5d026d0120c8d2b346573b1a48e653cd215088fdee8
SSDEEP: 6144:PqkJJjtcbkW6tITVf/OHDQPUo1r3rkwvAOUKucwneI1FCg/mHjOWq3WIteVQAzR4:SijtcgWvTV+HDoF3rzvJU+OeI1FCgeD6
Static task: static1
Behavioral task: behavioral1
Sample: Goblin Free Permanent Woofer V2.0.rar
Resource: win10v2004-20240412-en
Behavioral task: behavioral2
Sample: Goblin.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: Goblin Free Permanent Woofer V2.0.rar
Size: 376KB
Score: 3/10
Target: Goblin.exe
Size: 724KB
MD5: d244d14f356f5f7d4736ebd0a536c597
SHA1: 4482e7a876b8a07992ebe6681b0b0a65c9de9b62
SHA256: 83efb0e288be5b31dfc4ba04a05e26c5df398ef23879fadd89a0e815284e3c10
SHA512: c7f9eb8e0504f2bb15ca79826c9aa04085cdfc3af707b9b4328292351142880196a4f338c369e2d82599c9df4ba4b09ca9ff673cd84ff39d770c046d4ee91278
SSDEEP: 12288:q9exCpICTTwF+jZMP7iRaltjsTaVkXsDWnuSgtBs738+BC8:q9QCpIYTwkVMORaltjsWIsauSIBs73p7
Score: 10/10
Deletes NTFS Change Journal
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.

Nirsoft

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Loads dropped DLL

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory