Analysis
- max time kernel: 92s
- max time network: 95s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
- submitted: 10/11/2024, 21:20
Behavioral task
behavioral1
Sample
GooberWasHereInstaller.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
GooberWasHereInstaller.exe
Resource
win11-20241007-en
General
- Target: GooberWasHereInstaller.exe
- Size: 30.6MB
- MD5: 9ef155ff8ec0904373cb5892299986ce
- SHA1: 4d0d5ff53a3128a0602b2e407347df66da7a5b04
- SHA256: a0e416c96ea6bdf382b391682a7fc1226dc16dd4a2b68466dbe86ec427540f29
- SHA512: f39059c9a0155a55e8f4b4c5504cd633e2e336d6b3d6c4acdeff1b429fea190dda3c8439ad1027c6f9539699f15afa5ac4979947bc679cb9ca3d7bf80f53e0aa
- SSDEEP: 786432:cEMMszwm8ZsfO0xBVuy/ZJddkuAizgitBotEyQai1OkXlpB7XMliXo:ckWwXZmO0Pwy//Drgi3otcR7B7Xo
Malware Config
Signatures
-
Drops file in Program Files directory 10 IoCs
description | ioc | Process
File created | C:\Program Files (x86)\GooberWasHere\assets\PAYLOAD1_COM.exe | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\config\cfg.ini | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\mods\INSTALL_MODS.md | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\temp\Blob3819.tmp | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\temp\TempGooberData.tmp | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\GWHLauncher.bat | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\assets\NOTE.png | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\assets\PAYLOAD2_COM.exe | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\PLAYERDATA\player.json | GooberWasHereInstaller.exe
File created | C:\Program Files (x86)\GooberWasHere\SAVES\save1.sav | GooberWasHereInstaller.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | GooberWasHereInstaller.exe