Analysis
- max time kernel: 440s
- max time network: 461s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 10/11/2024, 21:15
Behavioral tasks
- behavioral1: Sample GooberWasHereInstaller.exe, Resource win11-20241007-en
- behavioral2: Sample GWHLauncher.bat, Resource win11-20241007-en
- behavioral3: Sample PLAYERDATA/player.json, Resource win11-20241007-en
- behavioral4: Sample assets/NOTE.png, Resource win11-20241007-en
- behavioral5: Sample assets/PAYLOAD1_COM.exe, Resource win11-20241007-en
- behavioral6: Sample PAYLOAD1_COM.pyc, Resource win11-20241007-en
- behavioral7: Sample assets/PAYLOAD2_COM.exe, Resource win11-20241007-en
- behavioral8: Sample payload.pyc, Resource win11-20241007-en
- behavioral9: Sample config/cfg.ini, Resource win11-20241007-en
- behavioral10: Sample mods/INSTALL_MODS.md, Resource win11-20241007-en
General
- Target: GooberWasHereInstaller.exe
- Size: 30.6MB
- MD5: 9ef155ff8ec0904373cb5892299986ce
- SHA1: 4d0d5ff53a3128a0602b2e407347df66da7a5b04
- SHA256: a0e416c96ea6bdf382b391682a7fc1226dc16dd4a2b68466dbe86ec427540f29
- SHA512: f39059c9a0155a55e8f4b4c5504cd633e2e336d6b3d6c4acdeff1b429fea190dda3c8439ad1027c6f9539699f15afa5ac4979947bc679cb9ca3d7bf80f53e0aa
- SSDEEP: 786432:cEMMszwm8ZsfO0xBVuy/ZJddkuAizgitBotEyQai1OkXlpB7XMliXo:ckWwXZmO0Pwy//Drgi3otcR7B7Xo
Malware Config
Signatures
- Drops file in Program Files directory (10 IoCs)
  Columns: description, ioc, Process
  File created, C:\Program Files (x86)\GooberWasHere\assets\PAYLOAD1_COM.exe, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\assets\PAYLOAD2_COM.exe, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\config\cfg.ini, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\mods\INSTALL_MODS.md, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\temp\Blob3819.tmp, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\PLAYERDATA\player.json, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\SAVES\save1.sav, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\assets\NOTE.png, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\temp\TempGooberData.tmp, GooberWasHereInstaller.exe
  File created, C:\Program Files (x86)\GooberWasHere\GWHLauncher.bat, GooberWasHereInstaller.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Columns: description, ioc, Process
  Key opened, \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, GooberWasHereInstaller.exe