General
-
Target
2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode
-
Size
25KB
-
Sample
240601-2hxjbshg77
-
MD5
8bf09ef2a418c477474305b7a8065ae2
-
SHA1
dba57af39b41384369fadf091cdfc477892bd119
-
SHA256
f779b132d6e1bd6f3c8a591f0ba4db8a2e4f6cd9d06ff3b70a7d1400be242355
-
SHA512
33b1c06a13d8e412b4e57ae62887a9a4436928176f1831616ce836aa4741ede7a9462234a3dff781f9a10cc50cce9d3dccddf91b5f1c82468bd578fa4a40356d
-
SSDEEP
192:w+u0k+vYaSyBgp/Gf/nADxiLVK5BOZNyViyKs9LV5+CnQiug2f5rPT5gd:/BQa1ip/CnB5yBOZt3sRvQZg2dPT
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
2024-06-01_8bf09ef2a418c477474305b7a8065ae2_gpcode
-
Score
9/10
-
Renames multiple (908) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-