Overview
overview
10Static
static
3ggpermV3/A...64.exe
windows7-x64
1ggpermV3/A...64.exe
windows10-2004-x64
1ggpermV3/F...er.bat
windows7-x64
1ggpermV3/F...er.bat
windows10-2004-x64
1ggpermV3/N...on.dll
windows7-x64
1ggpermV3/N...on.dll
windows10-2004-x64
1ggpermV3/S...UI.dll
windows7-x64
1ggpermV3/S...UI.dll
windows10-2004-x64
1ggpermV3/T...er.exe
windows7-x64
ggpermV3/T...er.exe
windows10-2004-x64
ggpermV3/a...64.sys
windows7-x64
1ggpermV3/a...64.sys
windows10-2004-x64
1ggpermV3/ggpermV3.exe
windows7-x64
3ggpermV3/ggpermV3.exe
windows10-2004-x64
3ggpermV3/m...er.bat
windows7-x64
3ggpermV3/m...er.bat
windows10-2004-x64
3ggpermV3/s...er.exe
windows7-x64
1ggpermV3/s...er.exe
windows10-2004-x64
1ggpermV3/s...er.exe
windows7-x64
1ggpermV3/s...er.exe
windows10-2004-x64
1ggpermV3/woof.bat
windows7-x64
8ggpermV3/woof.bat
windows10-2004-x64
8General
-
Target
ggpermV3.rar
-
Size
1.0MB
-
Sample
241109-2qkjqssrdz
-
MD5
ed2426ae5c805995c7d688f00a7b48ac
-
SHA1
f43458fc7d1915ba608bc6adc4acf94359a4dd94
-
SHA256
c4d74e49c44c880ec1b4cdede24423872f931e617b33d6bdba31e0534a12b809
-
SHA512
412d9443881c771c9799fc708991c8af0ba7caa83ae0b135e42e9a0c0ddd19961b55bd0353666d20c4344405e820f69b65dc947a5028a8f998ab10a18b189b64
-
SSDEEP
24576:s/zhFNfCWngFSp+6ev8ypq5uKxWRbdZl2:uxvngFS0KyEQl2
Static task
static1
Behavioral task
behavioral1
Sample
ggpermV3/AMIDEWINx64.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ggpermV3/AMIDEWINx64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
ggpermV3/Final_Cleaner.bat
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
ggpermV3/Final_Cleaner.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
ggpermV3/Newtonsoft.Json.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
ggpermV3/Newtonsoft.Json.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
ggpermV3/Siticone.UI.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
ggpermV3/Siticone.UI.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
ggpermV3/Trinity Cleaner.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
ggpermV3/Trinity Cleaner.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
ggpermV3/amifldrv64.sys
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
ggpermV3/amifldrv64.sys
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
ggpermV3/ggpermV3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
ggpermV3/ggpermV3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ggpermV3/macchanger.bat
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
ggpermV3/macchanger.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
ggpermV3/sxghr-driver.exe
Resource
win7-20241023-en
Behavioral task
behavioral18
Sample
ggpermV3/sxghr-driver.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
ggpermV3/sxghr-driver.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
ggpermV3/sxghr-driver.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
ggpermV3/woof.bat
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
ggpermV3/AMIDEWINx64.EXE
-
Size
453KB
-
MD5
6a6505b2413d2c7b16c6d059448db9e5
-
SHA1
dfe6c6b6051c26326a12dc9d0d5701cb4728266c
-
SHA256
53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955
-
SHA512
1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3
-
SSDEEP
6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z
Score1/10 -
-
-
Target
ggpermV3/Final_Cleaner.bat
-
Size
107KB
-
MD5
98f1a0eebcb5f4798662a40323b05a7e
-
SHA1
068e288005c04b8d859c44d3767613a8036bdb11
-
SHA256
00023ce602db623e47de1029595339eec4ee5019c6017236c9b721cac0ae4032
-
SHA512
6cfda16ce56b1173b91bd86c0f977f022a0b01a77142a15f66d865ee3f00ffee6aa2df7571edcccac41f7d680a9c4c536991abd91e86a00b083b8f9f37a39cf7
-
SSDEEP
768:S/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjLgwJyo:Kg8gUDRnvplQL5LvLpLjLnn
Score1/10 -
-
-
Target
ggpermV3/Newtonsoft.Json.dll
-
Size
695KB
-
MD5
195ffb7167db3219b217c4fd439eedd6
-
SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8
-
SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
-
SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
SSDEEP
12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
Score1/10 -
-
-
Target
ggpermV3/Siticone.UI.dll
-
Size
1.3MB
-
MD5
750c58af2e56b6addecffcf152520ab8
-
SHA1
14995e7f1d12498606d9d209d78d55fe6fd87802
-
SHA256
27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
-
SHA512
2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
-
SSDEEP
24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score1/10 -
-
-
Target
ggpermV3/Trinity Cleaner.exe
-
Size
752KB
-
MD5
5ff39c44ff3eaf7798bffa670fb4b600
-
SHA1
cd22cc93964fdeb470460642c44fd4ce31f3bf1e
-
SHA256
fd5d49ac3a9a4130261f43ef6e6c9c6a4a317e7ba421f88e22e0fbe96fd45429
-
SHA512
6ec8f1e38d78a773f8b0764f7aa5d8902c8c556a2583bdf62b6485e093c8a193b5965e3d908abe60d80b0fc690e2def7721aa896f14f6e77c80f72aa11fa3878
-
SSDEEP
12288:FBTyBtZmiNYQtIFc5oiJfJulj1CBMeIFjKuQdGhSaApNrWSvUghmjpoVb3/k2JP:eBtZicIFc5oiJfJulj1CBMeIFjKuQdGP
-
Deletes NTFS Change Journal
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
-
-
Target
ggpermV3/amifldrv64.sys
-
Size
18KB
-
MD5
785045f8b25cd2e937ddc6b09debe01a
-
SHA1
029c678674f482ababe8bbfdb93152392457109d
-
SHA256
37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
-
SHA512
40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
-
SSDEEP
384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score1/10 -
-
-
Target
ggpermV3/ggpermV3.exe
-
Size
62KB
-
MD5
eac37455baace3357722d2bc5cf40be9
-
SHA1
bfbb2b0f876a0784e5a0d78b7981b27254c0a766
-
SHA256
e333b29fa06d2138c9a4c634fde1fe4212bd2a027c0175008001c8af60d34053
-
SHA512
78065623e0bafa450e49c91b700da3a31536033d005a6d20126cc886bc1075788a4e5d5f7b689b47c4eea01f58f797e696f06038dd967b6143d07204048ad067
-
SSDEEP
1536:eh4f8xsBb7KAMFYieXfRc/onjx6FXs+ceAP5w:bBbnRJfROqwFcZbP5w
Score3/10 -
-
-
Target
ggpermV3/macchanger.bat
-
Size
2KB
-
MD5
c0b8d81370dd4defc9317dc6c204d581
-
SHA1
fa2b6a292c398d2a2febbdddcf39a62ffbb6fb23
-
SHA256
4d8d40a7e435fc815d088d7309a6bece3a9d798b4fb8170ca3d9c4c7c8c6784f
-
SHA512
271552179a651414d8b321017a8675a1cd09ac83394cc014453d28f1837b60db657b1d75362af71d075b1f4e33ac5eedf6556a43709589a6159c4d0ef2d00828
Score3/10 -
-
-
Target
ggpermV3/sxghr-driver.dll
-
Size
5KB
-
MD5
7941cb95d1182b91c1128ecaa566f22c
-
SHA1
cf2e82d486ec7364515e34561ac2e1b5c457b8c5
-
SHA256
70d8f0ce3cb2651052a628564e2ce0d715822fad141273c65892cd5515bc7741
-
SHA512
89b9f7ed06a562a84f98c51541fa98661222be1b3deb638c3b83aa44150749b668c9e2f1b74d8f5010ea1085d3e64f8e1257e32b5a33dcb08eb182ddc58721d7
-
SSDEEP
48:6Ksdk+U/8KC01Jf/pujgRPVTlMdSHj+cFRKwZaQ7KcmFxeJ6+XtXKXBlagc1w7lQ:L0jgV4da++RKwZaAKzFWTsGa80pzNt
Score1/10 -
-
-
Target
ggpermV3/sxghr-driver.exe
-
Size
137KB
-
MD5
84c83f1f50bed460d9bd13fa4d83304b
-
SHA1
e4c17ffcc97654efa537310f81702d922b3101f3
-
SHA256
a89fcdf02e9d587c2c00cbfa5efada6b308f62d7d8a296f7a1cfc8c4991de375
-
SHA512
4d19b7c31265507c7962a45c2babd266bd8dceae4e9d3cd3c9359083c066a77028158790f3f14cbb22a46ec90d754efa6fa811774b330f6910b7e5576335c289
-
SSDEEP
3072:1efQZKfOC31VwyY9egNtfNjJvjmqqF7Hb/LMm5MqDC:1DewyY9egLRePYm5B
Score1/10 -
-
-
Target
ggpermV3/woof.bat
-
Size
1KB
-
MD5
9dfe4e730dcc5e0d3951038ad2a095a1
-
SHA1
e033d9a40234b9544606ec4d603add264cb38841
-
SHA256
bfffd2faf6710e02912de0eec63b593f35a8bebef114932b4a4bc9c67fad59b8
-
SHA512
297e9950fd207687af957a94c5fb7d073bb89dcebdd6ee047fa0465f55bb95b42563c7310980bf1e41ca671a1f8c824e86dfe515b844f99f307965d199d8dbfd
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1System Services
1Service Execution
1Windows Management Instrumentation
1Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Direct Volume Access
1Impair Defenses
2Disable or Modify System Firewall
1Indicator Removal
3File Deletion
3Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1