General

  • Target

    GeeLark_x64_1.8.0.exe

  • Size

    356.6MB

  • Sample

    240819-wsxn7asdpn

  • MD5

    174c9028c3149db2b677fce0e5ca6176

  • SHA1

    bae23c504e3f2e0b34b638d9cb34d6286d400875

  • SHA256

    ec272e16f26ae18203872c423e9819373a2840ed4c3acc4fe902cf6195107463

  • SHA512

    bd2ed0c427851551d6afc9ae1728a094270dc8039b953e9f825c839bae5e3450fa8dc02db935b67847460f4d5bf1020e1b5bcbddb2504d46f06a099a07f43385

  • SSDEEP

    6291456:r/UXqr57KtWnrZtMUjAvzAGUG1G/raD4ZkwXvRfLfRZV7EZ1SNG8+jjxlrxTr9RC:rUXqugZtMUMvnUGQ/m4ZkyBRUPD9jxlY

Targets

    • Target

      GeeLark_x64_1.8.0.exe

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      6KB

    • MD5

      774e3b33d151413dc826bf2421cd51e8

    • SHA1

      ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

    • SHA256

      91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

    • SHA512

      3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

    • SSDEEP

      96:38IgHUv7jr2GJ+dfuitjFVsDtwC6OcgHl7cFi1cyMV7WhWuaW:dCajridfjR6tw1OjHl7cE1KyhWua

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDui.dll

    • Size

      618KB

    • MD5

      436289131016b2648f2a342451a9c995

    • SHA1

      388caedb41e68469ad00eab8e62aa3b002663f86

    • SHA256

      1cb0cedde69de350d290c533d9c9a8b55f16840a852e6451ae0cad3b4d1f65e4

    • SHA512

      802d06b1984a55280a8e4acd336cc52a4b019592e9394fa4be4dd39118b8c8a9eb009cf3af23569e86d3886f5dc7b99685a5b23bab5c2d457f6f4fed31c75fe1

    • SSDEEP

      12288:gs39sE3to5A4pUN4ni9toSru6JGNpSBKad1vubD5OAf+l:5l3toB24iBu6JEpSsZ

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      88d3e48d1c1a051c702d47046ade7b4c

    • SHA1

      8fc805a8b7900b6ba895d1b809a9f3ad4c730d23

    • SHA256

      51da07da18a5486b11e0d51ebff77a3f2fcbb4d66b5665d212cc6bda480c4257

    • SHA512

      83299dd948b40b4e2c226256d018716dbacfa739d8e882131c7f4c028c0913bc4ed9d770deb252931f3d4890f8f385bd43dcf2a5bfe5b922ec35f4b3144247a7

    • Score

      3/10

    • Target

      DuiLib_d.dll

    • Size

      1.4MB

    • MD5

      276e533e839d91cd0feee28174cbb4bc

    • SHA1

      b80680fde51bf14afb2435dc40213bd76bc5d793

    • SHA256

      9e6d9873c91dff03b1c0477377f818ce5d9f202aed16083e45aa7943360e6525

    • SHA512

      6590601d587fd67ed714e4f1f42c50b962847ca81cbd71a2d0429c57134cc278a36c8de7ea934cf60fa7528d97787e7eb0a8dda5eb617dffea69fc4570b0e2d7

    • SSDEEP

      24576:07HQN0NYDjfM6W/shsuX2OYEtnsyIjpj8N5WbhI5/uZKM:0LQNIE1KAoyIq2bbsM

    • Score

      3/10

    • Target

      DuiLib_u.dll

    • Size

      853KB

    • MD5

      679ed4fd849cabeb4151217ce65aa5de

    • SHA1

      19ce8b0f35ecb7be1763717286d466a294494b81

    • SHA256

      d0ba98b2690cce0d9df4447440edf9a06abd38fc3a9e159ea000cb643f369a2a

    • SHA512

      c5e19eaf22e3f2bff7c508b049c52333fece2c2222eaecfc8ecebfa2f80168f48c2d95292e19e7a8d2541ed7a4d42883604ba27f8868855da59f9bc47ff04456

    • SSDEEP

      12288:0HX+KxMYZNKFMuNK3kVqq3XJV9bUkCg1qZnfXUb4r08QlC+yAnmnX87kfy:4KFw0Z3XJ7bUy1gXUbbGy

    • Score

      3/10

    • Target

      DuiLib_ud.dll

    • Size

      1.4MB

    • MD5

      eb9c3d4ae276b40543cae5564664234c

    • SHA1

      8871a4554ed5cdb6a9bb6d110a8a50ed1c574097

    • SHA256

      9acd454a4ec92332c7c18f4d13c1777ba3f5a9ec04b06bc45face5a63b5751f0

    • SHA512

      58eefb17108d52db45ec5c8d729cad5c862ddc23d8fbdd31efea701835d79e75af4de76c73def0817cadf43f4e41083e13eec3e61b348c0c771c8c6ab684afe2

    • SSDEEP

      24576:GX5uOXeGlHrcXCkcPqCpQYnFOceiUN0dpl9jmB98:GX5MKLcXCVucmQpM8

    • Score

      3/10

    • Target

      DuilibPreview.exe

    • Size

      102KB

    • MD5

      434c73741e8a244f1ad81ca7efcfda5b

    • SHA1

      c65613acd3abc393e1f9f466cd8b5af6cbf6da74

    • SHA256

      77f51a6762b2b8065060c88e2917af39fcc6a323dba03fa764ff69f820280b84

    • SHA512

      6985bae47a6da4cb4fc54e34d314236b5570f43b2b0a1b47e26463305fdc35a3de1bc7f23dae81e3e7dcf224dd2a7865c219f56c921b4ef418e8b300d185922a

    • SSDEEP

      1536:XxUi/gpu3pwysvt9J63Xk6jka+kVBbxcjZ+R+cjstHsWjcdN/XVGsEnFb:XxUi/gsOyMkHk6jka9ijZ+RwoBVGNFb

    • Score

      3/10
