General
-
Target
GSClient_Setup_CS_1_6.exe
-
Size
263.1MB
-
Sample
240813-vhmwkavgrd
-
MD5
c7067a7d7a096da7f12c5b0577ce1eda
-
SHA1
1c989db53e9a3e6c38e4a4d44a8dd572f6a31e5d
-
SHA256
9cc115b0e4a690b1d82a0e4ada34defb19c1bd246a45ba56295a3fbde0abe158
-
SHA512
f64b6f53386abd4455d9df2db49ecf980f9358c3ad0b79cc553e66404421d98f23d28272c2275362ad95fe84b0ef6389be0dcff575f8497bcb63feb3bf0b5823
-
SSDEEP
6291456:7UMXs+AiZ+VZXO+R/juaKFG3CX6whYIHxZJPN7kkI8u:QCGzO+R7wG3CKwhpxNIRL
Malware Config
Targets
-
-
Target
GSClient_Setup_CS_1_6.exe
-
Size
263.1MB
-
MD5
c7067a7d7a096da7f12c5b0577ce1eda
-
SHA1
1c989db53e9a3e6c38e4a4d44a8dd572f6a31e5d
-
SHA256
9cc115b0e4a690b1d82a0e4ada34defb19c1bd246a45ba56295a3fbde0abe158
-
SHA512
f64b6f53386abd4455d9df2db49ecf980f9358c3ad0b79cc553e66404421d98f23d28272c2275362ad95fe84b0ef6389be0dcff575f8497bcb63feb3bf0b5823
-
SSDEEP
6291456:7UMXs+AiZ+VZXO+R/juaKFG3CX6whYIHxZJPN7kkI8u:QCGzO+R7wG3CKwhpxNIRL
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Pre-OS Boot
1Bootkit
1