General
-
Target
Goonscript.exe
-
Size
6.9MB
-
Sample
240509-w945lagh4y
-
MD5
470268ecd355efae1786bef07fd81cad
-
SHA1
4e6477d59166f627c9735615ddc5341c16134c1e
-
SHA256
d6abd828b52cf392d821adefecf01b16c08c1f2ac97fb7075c3f20d099c5a6d2
-
SHA512
3c3b00eaaa76917aac87063cb767a052fa49fbde54c44b3476b0b5202e6e8eae47121da6632c0f764b44cad28b929f525f233689ff8c2d86e9a4e08e4c8ffff6
-
SSDEEP
98304:aAl0hhyGiuYdA0QauZEBzh1NXXL0gN3glS7oLxC0n8rpuil3lyesl6jXAGAbFQCc:aUBuYdVsI7pt3uND8rBVFj94FDEX
Static task
static1
Behavioral task
behavioral1
Sample
Goonscript.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Goonscript.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
Goonscript.exe
-
Score
10/10
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-