Overview

overview

7

Static

static

3

geode-inst...in.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

Geode.dll

windows11-21h2-x64

1

GeodeUninstaller.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

GeodeUpdater.exe

windows11-21h2-x64

1

VC_redist.x64.exe

windows11-21h2-x64

4

XInput1_4.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    geode-installer-v3.7.1-win.exe

  • Size

    35.2MB

  • Sample

    240928-g8smva1fkm

  • MD5

    4be7c788d50ce236c413a7d913aea84b

  • SHA1

    e865d29c34dce4fc7859b08be5dd9f54e7ec999e

  • SHA256

    11da00c279cb478e78cdb9be2a78571ac8365f7ffc2b5dcfff0ec88a179044c1

  • SHA512

    de68b0f4db16a07b3fd67f2206494c538d9b4b8fef62e7ea0780c748a52c2efcf23829765b5307b5340e3338451c881549a5949a56e4f824e0751ee8b74c294d

  • SSDEEP

    786432:OAJZEscyh/MwPznBon26d6YVNVs8ceDtb/2RxeiB0Awn9XIZM9/:dHpRrOnHJVfrc+b/2RxeBAw9iM9/

Score
7/10
discovery

Malware Config

Targets

    • Target

      geode-installer-v3.7.1-win.exe

    • Size

      35.2MB

    • MD5

      4be7c788d50ce236c413a7d913aea84b

    • SHA1

      e865d29c34dce4fc7859b08be5dd9f54e7ec999e

    • SHA256

      11da00c279cb478e78cdb9be2a78571ac8365f7ffc2b5dcfff0ec88a179044c1

    • SHA512

      de68b0f4db16a07b3fd67f2206494c538d9b4b8fef62e7ea0780c748a52c2efcf23829765b5307b5340e3338451c881549a5949a56e4f824e0751ee8b74c294d

    • SSDEEP

      786432:OAJZEscyh/MwPznBon26d6YVNVs8ceDtb/2RxeiB0Awn9XIZM9/:dHpRrOnHJVfrc+b/2RxeBAw9iM9/

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      8KB

    • MD5

      313661ec12ed5ce1fd0b3292bf02cb69

    • SHA1

      fd341676cf680a9f0f690c35b43feadc0693e9a8

    • SHA256

      2e08e077a0800ec39c0596f4dd91cbbfa917eeef2d75a00767917b8d1f6884ac

    • SHA512

      a16f35c6019eb1431a3d03fb7d0935c272756f2a8363f541e168a55b2e20a85ee90191715c845ab0588eef8f2af6cf91ac75c5bf1a5d0c61c513339006da9ff2

    • SSDEEP

      96:b0nLo47eYkrGj23kBTPEa8ir2qUuRkNB/RMZCabEO/2/HdNfdpX2N:KoZYkrGj20tEEeYkv/RaCA/2/9h2N

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      28KB

    • MD5

      81e34f1c4b04a15dbce200c52f598f67

    • SHA1

      f40a922ad7a5494e2aeeaa2b961d96738e888af7

    • SHA256

      b89448b9fd7be5ef215cac6d973a57c0e75e1fffa25552afe174855c9b71fdf9

    • SHA512

      577f52a292075269f0e8ec4c6d243b2ed411872e009839553020929a8263174ad97943f150543e4ea6cb327d95e227f4065441a9d2106b7cabf1cb872dbcc181

    • SSDEEP

      384:xmEs6sVqQq0DwRiGUaLYuAXLaMoy4m973uwYkvZ6YfkzB8yy1Eiu8ILvFd/9:xmEwqZ2wRiGUcY8TBsdvEbB8yyvIJ

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      14KB

    • MD5

      2726673c720a296442c8ed134b41d169

    • SHA1

      b8050c85017fcda78f6b82cc86ad277bb0dbd539

    • SHA256

      778b2bfbf3f4e641161f40c8174442a4d3865f097e3a2a383356dbfcac8005ab

    • SHA512

      95fd8cd96a4c627dfc1a89a98630ead3fe431360ab15f2324a52fdd03b2b493bdc44a4d6d0189276826725ea4e48aeb4711459a459b92a80be51e9431b70bb0b

    • SSDEEP

      192:clWWck581HwPRLG/CocFR1w5nEYkv/RGl5BoiS+6SZSM3CU:Hdk5SoRLG/CocFR62Ykv8l5BoiFXyU

    Score
    3/10
    discovery
    behavioral4

    • Target

      Geode.dll

    • Size

      12.8MB

    • MD5

      b670e2e306a3909a9443bb94b2f0a860

    • SHA1

      ac6b3807a776a8eb016f99bd869c8bdd67fce421

    • SHA256

      8ceb5783c2b967808c9977c702cec3e4f69936db0e77d0d9280705c18d8e9e9f

    • SHA512

      2424884a8243bc82aa169faab3494791d6f966171e3d052d5f49ec670b14850e2be463444367eb379170196393342c394bac9ae8be47e19545c8b633306ba0d5

    • SSDEEP

      98304:X6rbyFZz3cxMU7kl0frSpbcfYz7+Q02aaDic1nk:X6rbqz3cbv+NN7t0kZk

    Score
    1/10
    behavioral5

    • Target

      GeodeUninstaller.exe

    • Size

      158KB

    • MD5

      493e818d337cda5aafe2a4bf2b439a5d

    • SHA1

      404d9e9fb82a27b985d172a0b75649726472fdb4

    • SHA256

      b5edf94d22d7375113e5eeda5b6a8fd96c5dc91855b10cd9e789492aad63d1a5

    • SHA512

      1515032cafa4d3e54f90c876f6e3e008057592ac2ef068aa105bc6fc4c65503385b0e3c4ea04c06f4ce9b3fbe0934f6c09378823cd5ac5f0bbbcaa406320a7fb

    • SSDEEP

      3072:Qrv+LsMjvFsOTb98xQT+5U5qwqhf4y2YsdNPSilHroJ5ko+Y:UWLsKB0Iqy5nKilLoJWY

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral6

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      8KB

    • MD5

      313661ec12ed5ce1fd0b3292bf02cb69

    • SHA1

      fd341676cf680a9f0f690c35b43feadc0693e9a8

    • SHA256

      2e08e077a0800ec39c0596f4dd91cbbfa917eeef2d75a00767917b8d1f6884ac

    • SHA512

      a16f35c6019eb1431a3d03fb7d0935c272756f2a8363f541e168a55b2e20a85ee90191715c845ab0588eef8f2af6cf91ac75c5bf1a5d0c61c513339006da9ff2

    • SSDEEP

      96:b0nLo47eYkrGj23kBTPEa8ir2qUuRkNB/RMZCabEO/2/HdNfdpX2N:KoZYkrGj20tEEeYkv/RaCA/2/9h2N

    Score
    3/10
    discovery
    behavioral7

    • Target

      $PLUGINSDIR/System.dll

    • Size

      28KB

    • MD5

      81e34f1c4b04a15dbce200c52f598f67

    • SHA1

      f40a922ad7a5494e2aeeaa2b961d96738e888af7

    • SHA256

      b89448b9fd7be5ef215cac6d973a57c0e75e1fffa25552afe174855c9b71fdf9

    • SHA512

      577f52a292075269f0e8ec4c6d243b2ed411872e009839553020929a8263174ad97943f150543e4ea6cb327d95e227f4065441a9d2106b7cabf1cb872dbcc181

    • SSDEEP

      384:xmEs6sVqQq0DwRiGUaLYuAXLaMoy4m973uwYkvZ6YfkzB8yy1Eiu8ILvFd/9:xmEwqZ2wRiGUcY8TBsdvEbB8yyvIJ

    Score
    3/10
    discovery
    behavioral8

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      14KB

    • MD5

      2726673c720a296442c8ed134b41d169

    • SHA1

      b8050c85017fcda78f6b82cc86ad277bb0dbd539

    • SHA256

      778b2bfbf3f4e641161f40c8174442a4d3865f097e3a2a383356dbfcac8005ab

    • SHA512

      95fd8cd96a4c627dfc1a89a98630ead3fe431360ab15f2324a52fdd03b2b493bdc44a4d6d0189276826725ea4e48aeb4711459a459b92a80be51e9431b70bb0b

    • SSDEEP

      192:clWWck581HwPRLG/CocFR1w5nEYkv/RGl5BoiS+6SZSM3CU:Hdk5SoRLG/CocFR62Ykv8l5BoiFXyU

    Score
    3/10
    discovery
    behavioral9

    • Target

      GeodeUpdater.exe

    • Size

      90KB

    • MD5

      28bc22778d73d5c29461908344a5936d

    • SHA1

      fbdbad68c2827c2dcac6203d9c66e33ef3b5a9d3

    • SHA256

      b4b7dbc46abb9dceafd6264db71521062857db5c3936da5e92ab97462c01c6e6

    • SHA512

      725a506de5acf0c9a12140908983913c1e607dacedccd9fb3abff9e83b5569e3bf71a81c40c86af0690aec7da9e25fb4a0057917977698574fa85666eab7b47d

    • SSDEEP

      1536:FYXmJEFM8Pj7hXQlAmDIPU3B9Nc4zkdw5avP3Vvt/d5ywB:FEL9czyG5avPH/dw

    Score
    1/10
    behavioral10

    • Target

      VC_redist.x64.exe

    • Size

      24.2MB

    • MD5

      1d545507009cc4ec7409c1bc6e93b17b

    • SHA1

      84c61fadf8cd38016fb7632969b3ace9e54b763a

    • SHA256

      3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a

    • SHA512

      5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104

    • SSDEEP

      786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4

    Score
    4/10
    discovery
    behavioral11

    • Target

      XInput1_4.dll

    • Size

      59KB

    • MD5

      14ab4d349af4a368296a14cb99cf52e9

    • SHA1

      375793a04fc3ef62a5b27d049e634e8ad70136be

    • SHA256

      3bdb6f175d915c548758036be4b6ef8fc644ff55cfae3ba86b34ac1f1c66b016

    • SHA512

      eb123f3b82c85672115f27870478d87dbc59ca551c8d4a858462df6a439e55b5c4cc4248e5038cd579fdc8df45a7857f669192ccf15c8d7104e2272e81b8dbfb

    • SSDEEP

      1536:VCAiqLeyHmb+RlzM8a8vtorMAL47qD6KO1:VCf3uMn8FohLHHO

    Score
    1/10
    behavioral12

MITRE ATT&CK Enterprise v15

Tasks