General

  • Target

    GGKILLER.7z

  • Size

    3.5MB

  • Sample

    240608-vsqefadf81

  • MD5

    155608e4df8013f2e348eeb83512f4ae

  • SHA1

    2452d259f8bbb61cae3ec2993ec44c5e8a44fef2

  • SHA256

    cdfccd9051fde177ede6ae732d3e339625df4633909fe184c4148db5e52c27af

  • SHA512

    a6bbf115f3fcc495bffaf15366ce5d4c531d6c035e29c8f52c4e398a07d999c30872c651d6dfaa461d881e21feb682faeb194fe3dbed7443025d898ec36fd3bf

  • SSDEEP

    98304:e2WZIOmHCh4IXwpmcJUMyTzVyXn0NqHXpIorqwaFh:e2QWChRAppyTcXn0cHbrq93

Malware Config

Targets

    • Target

      GGKILLER.7z

    • Size

      3.5MB

    • MD5

      155608e4df8013f2e348eeb83512f4ae

    • SHA1

      2452d259f8bbb61cae3ec2993ec44c5e8a44fef2

    • SHA256

      cdfccd9051fde177ede6ae732d3e339625df4633909fe184c4148db5e52c27af

    • SHA512

      a6bbf115f3fcc495bffaf15366ce5d4c531d6c035e29c8f52c4e398a07d999c30872c651d6dfaa461d881e21feb682faeb194fe3dbed7443025d898ec36fd3bf

    • SSDEEP

      98304:e2WZIOmHCh4IXwpmcJUMyTzVyXn0NqHXpIorqwaFh:e2QWChRAppyTcXn0cHbrq93

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      GGKILLER/GGKiller.dll

    • Size

      14KB

    • MD5

      2ca91f1d9e77883f013382e6480b989a

    • SHA1

      b38bff58f25f7209c7138347c31eabc56f6a82ad

    • SHA256

      c66ae606927d3513e32d6ac3b949829b9bdaec33e0a6095df6dc32ab00c05b05

    • SHA512

      c837b41ba60765999e9b1ef5006e12b73c2771265ef4c61110457f7abb35f07e8c2283a455d6e2168514bc7c4bb25e2237a48fe06accd6b55d56562b93bca811

    • SSDEEP

      192:NGEerh4v1pPaVRlfT62UHjAUyKQZErPc7h3xlFnVo/:NGdiv1pATr62UHjAmQZwc7h3Q

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      GGKILLER/GGKiller.exe

    • Size

      3.5MB

    • MD5

      820a9e561d9dfc4d1f87c6996568ab90

    • SHA1

      b43f4d8bdcedbbdf48ff1fe395bdb2f03f8b7e9e

    • SHA256

      b92ef426190f6feea9714198585be1f0f969a2a1295fdad1c467ebcd64d9c9d4

    • SHA512

      9a6dc6cdb3556d0a43e6494b3572f5e869e18bc814e77791a121f46877fe59c558bb275883da37684d12ed057e23607b979c4af62efd1326952768ec8c823e99

    • SSDEEP

      98304:9EKje4CSWnsuTtOk8hJj9gW7RJF26E0et3nkHPFg2Zqw4Z/Y:9EKWvnsW4ksgWNJFn3et3kHTZq5VY

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      GGKILLER/GGKiller.runtimeconfig.json

    • Size

      253B

    • MD5

      24e4653829de1022d01cd7ddd26e2f22

    • SHA1

      9160a009cb381e044ba4c63e4435da6bfeb9dc6d

    • SHA256

      ded3aeb5856a11db0b654a785574490cab55839ebfb17efe9e39b89618fc5b91

    • SHA512

      efd4bbba1baec0b47003831510e3aa539db9ef468e0f06ba9d7ba6d0b3800035f7c818d7d90171bfd377ec97d08c4617555bcff635dd83efceb412b1a9cca820

    • Score

      3/10

    • Target

      GGKILLER/Helldivers2_1.2.7.ct

    • Size

      55KB

    • MD5

      c7401b131764aef39c46c9d84b206f49

    • SHA1

      144dc9018de06f51b9b1462f9fa443051f7bec78

    • SHA256

      e5798ba0fbcfbcb5d19773fec95be5affeef6009525ed6291dbfc67db01a4d83

    • SHA512

      6162dc97d24aac591d5e63ab6b8fa39bb54174f9c0111544334457f276f1fc36cb93819bcbc82d0ef096a9ed7ba0c73125570789c108eacfdfcc6fe0dbfba381

    • SSDEEP

      768:efn3W4Z71joQ9Ma9QaXJoyjOgl5szGckiEALpLA2qOVKFzod7axzod7as:d4ZmQGaDoySGcVEze0zer

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks