c4d74e49c44c880ec1b4cdede24423872f931e617b33d6bdba31e0534a12b809

Resubmissions

09/11/2024, 22:49 UTC

241109-2r2veatfrl 10

09/11/2024, 22:47 UTC

241109-2qkjqssrdz 10

09/11/2024, 22:46 UTC

241109-2p2fvstfqj 10

09/11/2024, 22:44 UTC

241109-2nsgkasrbt 10

07/11/2024, 16:00 UTC

241107-tfl1taxpgl 10

10/02/2024, 17:17 UTC

240210-vtnl8sge36 10

Sharing

Copy URL

Twitter E-mail

General

Target

ggpermV3.rar
Size

1.0MB
Sample

241109-2qkjqssrdz
MD5

ed2426ae5c805995c7d688f00a7b48ac
SHA1

f43458fc7d1915ba608bc6adc4acf94359a4dd94
SHA256

c4d74e49c44c880ec1b4cdede24423872f931e617b33d6bdba31e0534a12b809
SHA512

412d9443881c771c9799fc708991c8af0ba7caa83ae0b135e42e9a0c0ddd19961b55bd0353666d20c4344405e820f69b65dc947a5028a8f998ab10a18b189b64
SSDEEP

24576:s/zhFNfCWngFSp+6ev8ypq5uKxWRbdZl2:uxvngFS0KyEQl2

Score

10^/10

Malware Config

Targets

- Target
  
  ggpermV3/AMIDEWINx64.EXE
- Size
  
  453KB
- MD5
  
  6a6505b2413d2c7b16c6d059448db9e5
- SHA1
  
  dfe6c6b6051c26326a12dc9d0d5701cb4728266c
- SHA256
  
  53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955
- SHA512
  
  1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3
- SSDEEP
  
  6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z
Score

1^/10
behavioral1 behavioral2
- Target
  
  ggpermV3/Final_Cleaner.bat
- Size
  
  107KB
- MD5
  
  98f1a0eebcb5f4798662a40323b05a7e
- SHA1
  
  068e288005c04b8d859c44d3767613a8036bdb11
- SHA256
  
  00023ce602db623e47de1029595339eec4ee5019c6017236c9b721cac0ae4032
- SHA512
  
  6cfda16ce56b1173b91bd86c0f977f022a0b01a77142a15f66d865ee3f00ffee6aa2df7571edcccac41f7d680a9c4c536991abd91e86a00b083b8f9f37a39cf7
- SSDEEP
  
  768:S/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjLgwJyo:Kg8gUDRnvplQL5LvLpLjLnn
Score

1^/10
behavioral3 behavioral4
- Target
  
  ggpermV3/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  195ffb7167db3219b217c4fd439eedd6
- SHA1
  
  1e76e6099570ede620b76ed47cf8d03a936d49f8
- SHA256
  
  e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
- SHA512
  
  56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
- SSDEEP
  
  12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score

1^/10
behavioral5 behavioral6
- Target
  
  ggpermV3/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral7 behavioral8
- Target
  
  ggpermV3/Trinity Cleaner.exe
- Size
  
  752KB
- MD5
  
  5ff39c44ff3eaf7798bffa670fb4b600
- SHA1
  
  cd22cc93964fdeb470460642c44fd4ce31f3bf1e
- SHA256
  
  fd5d49ac3a9a4130261f43ef6e6c9c6a4a317e7ba421f88e22e0fbe96fd45429
- SHA512
  
  6ec8f1e38d78a773f8b0764f7aa5d8902c8c556a2583bdf62b6485e093c8a193b5965e3d908abe60d80b0fc690e2def7721aa896f14f6e77c80f72aa11fa3878
- SSDEEP
  
  12288:FBTyBtZmiNYQtIFc5oiJfJulj1CBMeIFjKuQdGhSaApNrWSvUghmjpoVb3/k2JP:eBtZicIFc5oiJfJulj1CBMeIFjKuQdGP
Score

10^/10

defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral10 behavioral9
- Target
  
  ggpermV3/amifldrv64.sys
- Size
  
  18KB
- MD5
  
  785045f8b25cd2e937ddc6b09debe01a
- SHA1
  
  029c678674f482ababe8bbfdb93152392457109d
- SHA256
  
  37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
- SHA512
  
  40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
- SSDEEP
  
  384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score

1^/10
behavioral11 behavioral12
- Target
  
  ggpermV3/ggpermV3.exe
- Size
  
  62KB
- MD5
  
  eac37455baace3357722d2bc5cf40be9
- SHA1
  
  bfbb2b0f876a0784e5a0d78b7981b27254c0a766
- SHA256
  
  e333b29fa06d2138c9a4c634fde1fe4212bd2a027c0175008001c8af60d34053
- SHA512
  
  78065623e0bafa450e49c91b700da3a31536033d005a6d20126cc886bc1075788a4e5d5f7b689b47c4eea01f58f797e696f06038dd967b6143d07204048ad067
- SSDEEP
  
  1536:eh4f8xsBb7KAMFYieXfRc/onjx6FXs+ceAP5w:bBbnRJfROqwFcZbP5w
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ggpermV3/macchanger.bat
- Size
  
  2KB
- MD5
  
  c0b8d81370dd4defc9317dc6c204d581
- SHA1
  
  fa2b6a292c398d2a2febbdddcf39a62ffbb6fb23
- SHA256
  
  4d8d40a7e435fc815d088d7309a6bece3a9d798b4fb8170ca3d9c4c7c8c6784f
- SHA512
  
  271552179a651414d8b321017a8675a1cd09ac83394cc014453d28f1837b60db657b1d75362af71d075b1f4e33ac5eedf6556a43709589a6159c4d0ef2d00828
Score

3^/10

persistence privilege_escalation
behavioral15 behavioral16
- Target
  
  ggpermV3/sxghr-driver.dll
- Size
  
  5KB
- MD5
  
  7941cb95d1182b91c1128ecaa566f22c
- SHA1
  
  cf2e82d486ec7364515e34561ac2e1b5c457b8c5
- SHA256
  
  70d8f0ce3cb2651052a628564e2ce0d715822fad141273c65892cd5515bc7741
- SHA512
  
  89b9f7ed06a562a84f98c51541fa98661222be1b3deb638c3b83aa44150749b668c9e2f1b74d8f5010ea1085d3e64f8e1257e32b5a33dcb08eb182ddc58721d7
- SSDEEP
  
  48:6Ksdk+U/8KC01Jf/pujgRPVTlMdSHj+cFRKwZaQ7KcmFxeJ6+XtXKXBlagc1w7lQ:L0jgV4da++RKwZaAKzFWTsGa80pzNt
Score

1^/10
behavioral17 behavioral18
- Target
  
  ggpermV3/sxghr-driver.exe
- Size
  
  137KB
- MD5
  
  84c83f1f50bed460d9bd13fa4d83304b
- SHA1
  
  e4c17ffcc97654efa537310f81702d922b3101f3
- SHA256
  
  a89fcdf02e9d587c2c00cbfa5efada6b308f62d7d8a296f7a1cfc8c4991de375
- SHA512
  
  4d19b7c31265507c7962a45c2babd266bd8dceae4e9d3cd3c9359083c066a77028158790f3f14cbb22a46ec90d754efa6fa811774b330f6910b7e5576335c289
- SSDEEP
  
  3072:1efQZKfOC31VwyY9egNtfNjJvjmqqF7Hb/LMm5MqDC:1DewyY9egLRePYm5B
Score

1^/10
behavioral19 behavioral20
- Target
  
  ggpermV3/woof.bat
- Size
  
  1KB
- MD5
  
  9dfe4e730dcc5e0d3951038ad2a095a1
- SHA1
  
  e033d9a40234b9544606ec4d603add264cb38841
- SHA256
  
  bfffd2faf6710e02912de0eec63b593f35a8bebef114932b4a4bc9c67fad59b8
- SHA512
  
  297e9950fd207687af957a94c5fb7d073bb89dcebdd6ee047fa0465f55bb95b42563c7310980bf1e41ca671a1f8c824e86dfe515b844f99f307965d199d8dbfd
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
- Drops file in System32 directory
behavioral21 behavioral22