b08c7b02968a250abbc5520008216ddcf0a9d67fcb87c00f2b4d89b64844aa56 | Triage

Sharing

General

Target

launchergbdpi.8.8_pass_332211.rar
Size

2.7MB
Sample

240929-lv1hrayenq
MD5

22506a724d9cf061b858ac89af00eb65
SHA1

38205b6ba2d7458a9886f309dfbb9d68d852a085
SHA256

b08c7b02968a250abbc5520008216ddcf0a9d67fcb87c00f2b4d89b64844aa56
SHA512

f892429c1b2e4ffbae7efb35f5daa2fbef0df1a14ebbb0d11b2aa16d0e31c2d6a34c8361fd49d409f993d4ad654dc8e9b9903d8de1ca053b0142754e274edf48
SSDEEP

49152:gPztvvZSLiow81BL431SIQdRY+KcPztvvZSLioyJ4431SIQdRY5KQ:ytZSOowi8HQdRVtZSOoyhHQdRG

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x64/Launcher for GoodbyeDPI.exe
- Size
  
  1.7MB
- MD5
  
  ced1ba578bc18f0cf784fea79155e685
- SHA1
  
  291f40ef9f88ed762662ac1185bb1c1ecb92a7c8
- SHA256
  
  f0d65b5d2dc9a836f6975e8a1a44f154140165d21354dc687a90126702c5f5e1
- SHA512
  
  db710704c78b4c6f9ad7101f8c4745dcb28c33c51258b2eae1b6a9382069db4ac036abf3f4e193e7c6141ea492dd15c43eaade48dcb74b25895698a897f0aaad
- SSDEEP
  
  24576:WEj50CsjEAhoknIezRz4fsfT1YGzH5br9kbpziyesdY4Yv6l7Shs2HkFNG5N:xmNgKoSRUqT1dH5br9klziyeb
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x64/WinDivert.dll
- Size
  
  46KB
- MD5
  
  88e1c19b978436258f7c938013408a8a
- SHA1
  
  09b77c8c85757e11667a7b83231598dd67fe0b8b
- SHA256
  
  6110bfa44667405179c3e15e12af1b62037e447ed59b054b19042032995e6c7e
- SHA512
  
  eaa0d8369b76fd9a4978f14702716ae31d801cd0dc36a86531f9320b4ddb683265c4f0e07af2b9d2e85f513270d98d1b11ae7d501d08287442bc505176d16e14
- SSDEEP
  
  768:itSVluu2agCfRSB3QEw2VWHxWYuaO6JXtltdUUwhqWB8TicI:bUZWECHxWDABdIyTic
Score

1^/10
behavioral3 behavioral4
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x64/WinDivert64.sys
- Size
  
  89KB
- MD5
  
  6a33620de63bccaf5e5314ee49cd58fb
- SHA1
  
  ac728b339681b2e27099fecc1419821f01d04b34
- SHA256
  
  e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50
- SHA512
  
  638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945
- SSDEEP
  
  1536:8ovgCRgYL/h//oJJw5AdPtey2AyWpdsihch9WXi2v6MuO2:84jmJJsKle9A5pdsiqg/vsO2
Score

1^/10
behavioral5
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x64/goodbyedpi.exe
- Size
  
  99KB
- MD5
  
  6de34193ecd4f35194fa553673fbf735
- SHA1
  
  93ca142b2f0646ecd6d606f7e627ef620b9d035d
- SHA256
  
  77d198f7eea22d714fc870b6f805fbe5edcf50f3d7d5bca33d9f31a90a1b12e4
- SHA512
  
  5cfbf22770e239df58c1412a79f78b0349c0ee1f50c76c0355fa9d8e999e4ba490a7d64a6974f0064608661b85032b169db7a2278465da4d08e48519320cd554
- SSDEEP
  
  1536:JuiGy47Y/sFTEx/H6+FI87tZQkMvKghPf651LzTe0yNgnIcm:JTGy47Y/sFTExysf7PQ9KghP43rUgID
Score

1^/10
behavioral6 behavioral7
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x86/Launcher for GoodbyeDPI.exe
- Size
  
  1.7MB
- MD5
  
  ced1ba578bc18f0cf784fea79155e685
- SHA1
  
  291f40ef9f88ed762662ac1185bb1c1ecb92a7c8
- SHA256
  
  f0d65b5d2dc9a836f6975e8a1a44f154140165d21354dc687a90126702c5f5e1
- SHA512
  
  db710704c78b4c6f9ad7101f8c4745dcb28c33c51258b2eae1b6a9382069db4ac036abf3f4e193e7c6141ea492dd15c43eaade48dcb74b25895698a897f0aaad
- SSDEEP
  
  24576:WEj50CsjEAhoknIezRz4fsfT1YGzH5br9kbpziyesdY4Yv6l7Shs2HkFNG5N:xmNgKoSRUqT1dH5br9klziyeb
Score

7^/10

discovery defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- System Binary Proxy Execution: Rundll32
  Abuse Rundll32 to proxy execution of malicious code.
  defense_evasion
behavioral8 behavioral9
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x86/WinDivert.dll
- Size
  
  42KB
- MD5
  
  1cb0efd60883b5637b31bf46c34ae199
- SHA1
  
  b91de8d5f072f8c6aabd029d96568effdd5662d9
- SHA256
  
  625ffdd95bfabff32d0e8a95beabcd303c01c8bba73b90402d4e84d6e15dd8e5
- SHA512
  
  68c7c257b8cd28011f4b9af09b1e4c7b3d69c6f1457ca6f68fe114fcb382e470b87b9c12ca5d6d4aedd27a103a35fac9093c08b288867cceb9621a60ac70a6f7
- SSDEEP
  
  768:/BD4bCa+EfZ9+EwleNwYLWKkR9c5s1R2wdRt7JtXwxwprTKkimOyd:/BD4bCofZ8VYwYyKkR9c542wdRQ0TKkV
Score

3^/10

discovery
behavioral10 behavioral11
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x86/WinDivert32.sys
- Size
  
  75KB
- MD5
  
  cd477ee96ff05cacda8ac3c0e9316d7a
- SHA1
  
  68da0c17728aa672f140477b3822aefb5810c8b5
- SHA256
  
  29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca
- SHA512
  
  27e13504eb291a5324d824360532ca6d19c409022c72f5609ca55f92558388e3f25f1e8d657afd3d1e4f9ea9c082483c954d6f4e89df049e4f732383a04adcad
- SSDEEP
  
  1536:tVYIJtdRHzb+uzucD5GYLKYaU6s8BLcHWXizv65Q4:tmidRHzMcDQY/aC8B8gevL4
Score

1^/10
behavioral12
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x86/WinDivert64.sys
- Size
  
  89KB
- MD5
  
  6a33620de63bccaf5e5314ee49cd58fb
- SHA1
  
  ac728b339681b2e27099fecc1419821f01d04b34
- SHA256
  
  e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50
- SHA512
  
  638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945
- SSDEEP
  
  1536:8ovgCRgYL/h//oJJw5AdPtey2AyWpdsihch9WXi2v6MuO2:84jmJJsKle9A5pdsiqg/vsO2
Score

1^/10
behavioral13
- Target
  
  GoodbyeDPI 0.2.3rc3 - Launcher 8.8/x86/goodbyedpi.exe
- Size
  
  98KB
- MD5
  
  d09972e20765aa11553a6813c3421dcd
- SHA1
  
  161f5b1baa0606c4194021e4c26b07780673793d
- SHA256
  
  fd22d344496181d06d8bbf3f630cc2f49c771a3f9fb710f58c8c09c670354447
- SHA512
  
  3d56b92a9b4ddef56a46394ca86231f188c6c19b7bd465c7fdf576482ced237ca8a79c5af79b4561f6271ea340552e943b28c8db9684717b96c42ad05e9a21b1
- SSDEEP
  
  3072:+jnYfjFO9vbnTrjP7HzfLXDvnTr3jP7HzfLXDvbnT/rjI3XLS84fUgIDJO:SkRO9vbnTrjP7HzfLXDvnTr3jP7HzfLZ
Score

3^/10

discovery
behavioral14 behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

Rundll32

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

defense_evasiondiscovery

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15