General

  • Target

    GDLauncher__2.0.20__win__x64.exe

  • Size

    110.0MB

  • Sample

    241113-jpjxpsxkay

  • MD5

    8fc32c2810d193e53504cbb4458c9c92

  • SHA1

    8c6fce2a6725aa7cb974ab8a30b98706d4557acf

  • SHA256

    2718e831ac3db9a05ad546de42908348e6aaf55ba5025292d23dc274bfcb6c38

  • SHA512

    97c85ceaaeb06012ae6afceba35ada116e68811dc72d6135e7b6bb18a72da8767b710c314a66dadb9e59cdbd21caff552c369585bfed7598fa3350d96b1096d0

  • SSDEEP

    3145728:aDe4/oxfMzU7Mo+HcWlKEzShIsS3sIlxXznfS:54/YMz+gcWlD6IsS8I7rS

Malware Config

Targets

    • Target

      GDLauncher__2.0.20__win__x64.exe

    • Size

      110.0MB

    • MD5

      8fc32c2810d193e53504cbb4458c9c92

    • SHA1

      8c6fce2a6725aa7cb974ab8a30b98706d4557acf

    • SHA256

      2718e831ac3db9a05ad546de42908348e6aaf55ba5025292d23dc274bfcb6c38

    • SHA512

      97c85ceaaeb06012ae6afceba35ada116e68811dc72d6135e7b6bb18a72da8767b710c314a66dadb9e59cdbd21caff552c369585bfed7598fa3350d96b1096d0

    • SSDEEP

      3145728:aDe4/oxfMzU7Mo+HcWlKEzShIsS3sIlxXznfS:54/YMz+gcWlD6IsS8I7rS

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      $PLUGINSDIR/SpiderBanner.dll

    • Size

      9KB

    • MD5

      17309e33b596ba3a5693b4d3e85cf8d7

    • SHA1

      7d361836cf53df42021c7f2b148aec9458818c01

    • SHA256

      996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

    • SHA512

      1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

    • SSDEEP

      192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY

    Score
    3/10
    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/WinShell.dll

    • Size

      3KB

    • MD5

      1cc7c37b7e0c8cd8bf04b6cc283e1e56

    • SHA1

      0b9519763be6625bd5abce175dcc59c96d100d4c

    • SHA256

      9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

    • SHA512

      7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

    Score
    3/10
    • Target

      GDLauncher.exe

    • Size

      169.9MB

    • MD5

      be4a0b976dc22fa138414ea983c4055f

    • SHA1

      2e24cbc8b5af690cfe95adc54dcfec1cd6a69e2a

    • SHA256

      20b054c46a52908c4f71727228f409cc02f6e23ac50cc72c9729c4a81159ccd4

    • SHA512

      942733d8d076ccfc5a80c19f8c61191a789b9dd33c0998be1c671ed85b70a1dba14ec94b7318676803e4bd415000fe76ed4ec378527d7fb7d6887d08c750d8b0

    • SSDEEP

      1572864:1s+fxQiW1vVzbHpUcEtmLd7cF3PPHNzLuTe7ulsxM/Gyr/w7VoB4X+x2CFRXQQSl:ce8BWNg3DFxfy

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      LICENSES.chromium.html

    • Size

      8.7MB

    • MD5

      fcb299831276a7c8bdeb036142da1c25

    • SHA1

      bf6990abb92ab627b7f2e7aecbd5a58b86d2e09a

    • SHA256

      6daa3cd398e5380222c6b6bdb4d66a4b4273d4bb74d6bf53495a5722f03ac0dc

    • SHA512

      1e31ac0b6836d24488e32d04b5028ac2a9e00ebd8e29aaf742d9e0cdb50d5a9d4f7bcc3919b22a793552d31aaed2104415268f14e903754bf25a86510fbc98c9

    • SSDEEP

      24576:RQQa6NA6P5dWWSmwRFXe1vmfpV6k626D6b62vCuApj:RWfTF0

    Score
    3/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      5a614e7d0fdfa8b37e8e050361c2909a

    • SHA1

      8ed59dc41bac11ba10344bd426f69a57f9738de9

    • SHA256

      568bcce599c8f67dc31e6472c419002490907d8b0fecca1f93da051d96977071

    • SHA512

      f4fab716de19a77085f4deb85bb682161733d9b9e66a171ca5cfe235587c85d2192660552b44d836eaaf7a68191352ad599258e488921d8bb61d9ed074bf6c77

    • SSDEEP

      49152:1CZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNV:UG2QCwmHPnog/pzHAo/A6I

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.8MB

    • MD5

      4c01b367aa3b0b9726a08074df302f94

    • SHA1

      cae3a29495800bc30b33464c9ba00b8bb624ffee

    • SHA256

      5e1fe207fd4919d26600ccb219c8849c35ccf3ccd5036cafaca0ea275afca32c

    • SHA512

      0a912b65a769df5282c49e34839e2451fb06156f30b132f5e1f7677ed801be1d18403e1009fb02f43690c237cddb0e6555c8623a25de28bfbc87fb278d60a974

    • SSDEEP

      49152:JPDtyvMYqXiOamQ7NyjmnMDbG7OUx7n6mfu/oB7pweIcgsxqeUsn/up:NSOqNIoQG7OUrd/xKsn/up

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      477KB

    • MD5

      e18a27ba4b9ebd23505af33f1b4cabab

    • SHA1

      5cc6c4738bb57c3a008d1f745aaa457891412736

    • SHA256

      1307ff9dce08e39f24e7a3a43a8843191f951f0424bf2dd8ed4740e417de88b3

    • SHA512

      2daa4d9b78ae00d9eecd8d336ce92abec3719d5650eb71d653f232380feecc6f68db7abc7b7ee1dd86efd6590e9ea10283a68acf63501a9dad6c37ed8ce4503c

    • SSDEEP

      6144:fuF2DwTNCKxOUxcfDVTyKH/VbPGtWQAOWIBtuKYbu7DBr:GDCKsAcfDVjktWQAOWIubg9

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      7.5MB

    • MD5

      03b1b0060eabab709ce88d844c4f6b6d

    • SHA1

      cd3f6e4689d3a7d88b5c51e41bcc1a9d8db6bb2b

    • SHA256

      1ec2db6b243365f7f8099fb29bc56b96076299ee48e007474e6d769353a8bc05

    • SHA512

      92b87c005635b49d80d355f6b3de0ee1513f35e25ba666974a4772b1ccc9d220ce51789656bd85302fa006d4490a1999eaeb75a4f459519a9de992d84e5b5a96

    • SSDEEP

      98304:wYM1bKnyhXV3X4Nf/eW74heor1up6sDCpaXm3TVm:wL1jlX4F7ivuyUCTVm

    Score
    1/10
    • Target

      owutility.dll

    • Size

      1.5MB

    • MD5

      2c050de41b36dabdaeeacf38e76b6c9b

    • SHA1

      aa6fccc7cf02c97079f21e179c8217beaa69c32a

    • SHA256

      b8d800a059fcb3f7a687dc87d9cefcc527f22b0fdadf11bf2400ae8007d2ac0f

    • SHA512

      11a2b85701ecf4d7f0e220e2cc86f85460dd923f3429bcbb65755e4dc00fd073dfa2e46a3f0f1c09e19d68865b09292ac02a7bda65b8849283521f558f2bb568

    • SSDEEP

      24576:qlNUZR3ls2yyVzTi1CNG9gT9qb2pAEfe8h2LU58w3qh+OooKO:UNUZPs2yUzTi1P9i9qbwAEfFhWfFh+Pw

    Score
    1/10
    • Target

      resources/binaries/core_module.exe

    • Size

      40.6MB

    • MD5

      0adf3331e34150110edfacd3978db8da

    • SHA1

      5a73b7177ec2e977ca2b144e0df6d9d61c21e990

    • SHA256

      577d16975eb070055a706043dea10d7d2d60b576f34fc729e40df5703569529d

    • SHA512

      4a501c55ac9afc0fb00969a628abc305a4290f77df1af337ea61e0a9ce3627a66f8b86c93b9a41f3323ef20f029ebd936d722358a38876514ef3f8f3200b6053

    • SSDEEP

      196608:RSeQbqp2at6MNneItKWZJBFpwK9MmHK/bG5l2k7Iy+r:R6biN6en1KWZdpwK9MgK/bG5l2k7IyY

    Score
    5/10
    • Drops file in System32 directory

    • Target

      resources/elevate.exe

    • Size

      115KB

    • MD5

      2d3ec665d71416d626ced91da8d37355

    • SHA1

      d37bc23baeef03b666b5195642ad8eb1df21680b

    • SHA256

      0adae91d34d9458948cb661ddcc12e5a5bba12e5ed853d577265fbe385e6c228

    • SHA512

      e87d1321180e3d977d37d9e597993f22dbd39bc2c25d34749c650b8107e8a3ecaaa55ef79e37aa80904b9295a5f153aad46b08a6e8de49e15b0bf5a3becc9a7b

    • SSDEEP

      3072:0abLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl8oL:fPrwRhte1XsE1lBL

    Score
    3/10
    • Target

      vk_swiftshader.dll

    • Size

      5.0MB

    • MD5

      925338079e6608119e33e79a44bf8f73

    • SHA1

      9e857d320819f88d72e219452a1c7ac0b87b5e2e

    • SHA256

      e43c94e95d0a88951b25927457c45986e7ed9633fec476dba6ead8f4e6079eb6

    • SHA512

      3d6e4584c2ce610c167a6c88fea337861772873367c67fc8762c070d8d88ee333c49a58b00562168235f9a803b58cdfa5876e9f418b9d3c1f418147dc74fa6f7

    • SSDEEP

      49152:2O6ftEjL3Zdon2+a/EgBqB1y91lxfAV7xWV9cO6NZ8m8xg1drRXmVEZvMUn0HjyD:2LftlUSot6EmXxZdIOl5bzLB3dIWb

    Score
    1/10
    • Target

      vulkan-1.dll

    • Size

      935KB

    • MD5

      1564b094baaf6d9a34c07160ecd3016b

    • SHA1

      4d40959f7e5423e05aeea55833a7dc19800b9965

    • SHA256

      b45d5e6bf092d779060829894a61ec312f806bf8b2f73dc4fa18d1ce3ef69c2e

    • SHA512

      775c8a5c4dd11af46c884a10ac53ae2a93bb7f5acc864ee2f74d3df52bbad417fc978e83876a4a52860a121ec17a92e18adb79c5f1ccfa615091a26b401013fb

    • SSDEEP

      24576:+y+lCO+5ian96u6WbEJXay6Z5WdDYsH26g3P0zAk7o3uu:+ymViaWbYT6Z5WdDYsH26g3P0zAk7of

    Score
    1/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec0504e6b8a11d5aad43b296beeb84b2

    • SHA1

      91b5ce085130c8c7194d66b2439ec9e1c206497c

    • SHA256

      5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

    • SHA512

      3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

    • SSDEEP

      96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
4/10

behavioral2

discovery, execution, spyware, stealer
Score
6/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

Score
1/10

behavioral12

execution, spyware, stealer
Score
6/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
5/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

discovery
Score
3/10