Overview
overview
7Static
static
3GDLauncher...64.exe
windows10-1703-x64
7$PLUGINSDI...er.dll
windows10-1703-x64
1$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3$PLUGINSDIR/app-64.7z
windows10-1703-x64
3GDLauncher.exe
windows10-1703-x64
7LICENSE.electron.txt
windows10-1703-x64
1LICENSES.c...m.html
windows10-1703-x64
4chrome_100...nt.pak
windows10-1703-x64
3chrome_200...nt.pak
windows10-1703-x64
3icudtl.dat
windows10-1703-x64
3locales/af.pak
windows10-1703-x64
3locales/am.pak
windows10-1703-x64
3locales/ar.pak
windows10-1703-x64
3locales/bg.pak
windows10-1703-x64
3locales/bn.pak
windows10-1703-x64
3locales/ca.pak
windows10-1703-x64
3owutility.dll
windows10-1703-x64
1resources/...li.exe
windows10-1703-x64
1resources/...le.exe
windows10-1703-x64
5resources/elevate.exe
windows10-1703-x64
1vk_swiftshader.dll
windows10-1703-x64
1vulkan-1.dll
windows10-1703-x64
1$PLUGINSDI...ec.dll
windows10-1703-x64
3$PLUGINSDI...7z.dll
windows10-1703-x64
3$R0/Uninst...er.exe
windows10-1703-x64
4$PLUGINSDIR/INetC.dll
windows10-1703-x64
3$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3$PLUGINSDI...ec.dll
windows10-1703-x64
3Analysis
-
max time kernel
127s -
max time network
136s -
platform
windows10-1703_x64 -
resource
win10-20240404-es -
resource tags
arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
05/06/2024, 18:56
Static task
static1
Behavioral task
behavioral1
Sample
GDLauncher__2.0.9__win__x64.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/app-64.7z
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral7
Sample
GDLauncher.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral8
Sample
LICENSE.electron.txt
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral10
Sample
chrome_100_percent.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral11
Sample
chrome_200_percent.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral12
Sample
icudtl.dat
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral13
Sample
locales/af.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral14
Sample
locales/am.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral15
Sample
locales/ar.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral16
Sample
locales/bg.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral17
Sample
locales/bn.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral18
Sample
locales/ca.pak
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral19
Sample
owutility.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli-win32-x64/bin/sentry-cli.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral21
Sample
resources/binaries/core_module.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral23
Sample
vk_swiftshader.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral24
Sample
vulkan-1.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral27
Sample
$R0/Uninstall GDLauncher.exe
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/INetC.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-es
windows10-1703-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-es
windows10-1703-x64
General
-
Target
resources/binaries/core_module.exe
-
Size
26.1MB
-
MD5
d78b9a9a820c9f39dcacf6756d8ef5ce
-
SHA1
0cfe541a6ac9e1fc6153fa3c9fa11b70c2210b0d
-
SHA256
59170447cf1e7e758ad6f54b6a8982316de21cfebb543c35f61347ab08c8ee24
-
SHA512
14d7a9ffdfa861cf3c2366980ec63496e285ed7f897719ada5f486df766b7a2352297f40529ff5534167be57f54a8d15902a4171fe07467696c98655fc1aa3d4
-
SSDEEP
196608:0rmuXNYaqEB5T6OBvFsaHHfEVd/munw9val:um6WEB5X7EVd/muOval
Malware Config
Signatures
-
Drops file in System32 directory 18 IoCs
description ioc Process File opened for modification C:\Windows\SYSTEM32\exe\carbon_app.pdb core_module.exe File opened for modification C:\Windows\System32\symbols\exe\carbon_app.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\dll\ntdll.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\symbols\exe\carbon_app.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\symbols\DLL\kernel32.pdb core_module.exe File opened for modification C:\Windows\System32\symbols\DLL\kernel32.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb core_module.exe File opened for modification C:\Windows\System32\symbols\dll\ntdll.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\carbon_app.pdb core_module.exe File opened for modification C:\Windows\System32\exe\carbon_app.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\DLL\kernel32.pdb core_module.exe File opened for modification C:\Windows\System32\kernel32.pdb core_module.exe File opened for modification C:\Windows\System32\DLL\kernel32.pdb core_module.exe File opened for modification C:\Windows\System32\ntdll.pdb core_module.exe File opened for modification C:\Windows\System32\dll\ntdll.pdb core_module.exe File opened for modification C:\Windows\System32\carbon_app.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\kernel32.pdb core_module.exe File opened for modification C:\Windows\SYSTEM32\ntdll.pdb core_module.exe