General

  • Target

    GLP_installer_900223152_com.activision.callofduty.shooter.exe

  • Size

    3.6MB

  • Sample

    240825-l7m37a1aml

  • MD5

    ffdae295997fa24ba82bfbbf8a264e08

  • SHA1

    e716d310d8dc7ca56785e432226aef621eb16afc

  • SHA256

    5ad1c96fb46f820479d9244c0f7d33a76924263c7a19f1a217926863cd932dfa

  • SHA512

    810bb8ccaed219451fb94a277b7b9d1f422392575de4e055b042d4221a65d4e37607dae66c32f2d7daf4cc41afcee9ab672f5861833de42b2db8f36fd710e55f

  • SSDEEP

    49152:7H+h/5pzoJmJ2cey6mfoMm5WMzktmR2Gg2u2qtbMvlvLWH9WAKHRPCpTpH6XePDx:7H+hIMYceyboMYYtmReAAqdXPqn

Malware Config

Targets

    • Target

      GLP_installer_900223152_com.activision.callofduty.shooter.exe

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity, in which the files on the system are encrypted and given a new extension.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks