General
-
Target
GLP_installer_900223152_com.activision.callofduty.shooter.exe
-
Size
3.6MB
-
Sample
240825-l7m37a1aml
-
MD5
ffdae295997fa24ba82bfbbf8a264e08
-
SHA1
e716d310d8dc7ca56785e432226aef621eb16afc
-
SHA256
5ad1c96fb46f820479d9244c0f7d33a76924263c7a19f1a217926863cd932dfa
-
SHA512
810bb8ccaed219451fb94a277b7b9d1f422392575de4e055b042d4221a65d4e37607dae66c32f2d7daf4cc41afcee9ab672f5861833de42b2db8f36fd710e55f
-
SSDEEP
49152:7H+h/5pzoJmJ2cey6mfoMm5WMzktmR2Gg2u2qtbMvlvLWH9WAKHRPCpTpH6XePDx:7H+hIMYceyboMYYtmReAAqdXPqn
Static task
static1
Behavioral task
behavioral1
Sample
GLP_installer_900223152_com.activision.callofduty.shooter.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
GLP_installer_900223152_com.activision.callofduty.shooter.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
GLP_installer_900223152_com.activision.callofduty.shooter.exe
-
Size
3.6MB
-
MD5
ffdae295997fa24ba82bfbbf8a264e08
-
SHA1
e716d310d8dc7ca56785e432226aef621eb16afc
-
SHA256
5ad1c96fb46f820479d9244c0f7d33a76924263c7a19f1a217926863cd932dfa
-
SHA512
810bb8ccaed219451fb94a277b7b9d1f422392575de4e055b042d4221a65d4e37607dae66c32f2d7daf4cc41afcee9ab672f5861833de42b2db8f36fd710e55f
-
SSDEEP
49152:7H+h/5pzoJmJ2cey6mfoMm5WMzktmR2Gg2u2qtbMvlvLWH9WAKHRPCpTpH6XePDx:7H+hIMYceyboMYYtmReAAqdXPqn
-
Renames multiple (93) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Pre-OS Boot
1Bootkit
1