Overview
overview
7Static
static
3GooberWasH...er.exe
windows11-21h2-x64
4GWHLauncher.bat
windows11-21h2-x64
7PLAYERDATA...r.json
windows11-21h2-x64
3assets/NOTE.png
windows11-21h2-x64
3assets/PAY...OM.exe
windows11-21h2-x64
7PAYLOAD1_COM.pyc
windows11-21h2-x64
3assets/PAY...OM.exe
windows11-21h2-x64
7payload.pyc
windows11-21h2-x64
3config/cfg.ini
windows11-21h2-x64
3mods/INSTALL_MODS.md
windows11-21h2-x64
3Analysis
-
max time kernel
443s -
max time network
445s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
10/11/2024, 21:15
Behavioral task
behavioral1
Sample
GooberWasHereInstaller.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
GWHLauncher.bat
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
PLAYERDATA/player.json
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
assets/NOTE.png
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
assets/PAYLOAD1_COM.exe
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
PAYLOAD1_COM.pyc
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
assets/PAYLOAD2_COM.exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
payload.pyc
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
config/cfg.ini
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
mods/INSTALL_MODS.md
Resource
win11-20241007-en
General
-
Target
mods/INSTALL_MODS.md
-
Size
2KB
-
MD5
7e2e8cb1f39a2ba27ca1877e190a2edf
-
SHA1
0dde9c996ae640c742e419635668f873f1a4a529
-
SHA256
61060658679fa5d2b7a60a88d86840b1d438e5f7d1ca30720a8e1c3615a1b0fc
-
SHA512
0ccf9632d821fac3bd6ba2baf4a2ad12e582b04180051ef7356385e6d1a062e027e520f9e14888e9c28bb09e6b3fc6d336e49021f632c88f5c57537a98379153
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3268 OpenWith.exe