General
-
Target
geode-installer-v4.0.1-win.exe
-
Size
37.4MB
-
Sample
241123-3ajg6s1rc1
-
MD5
481c805b21fd4253fb77b8a4c1837427
-
SHA1
0e6d51d5db91496e308c4d6c9bd21c1eb105b1ed
-
SHA256
b4fb522c3ace596c6464955c11a33f2de2fbc23a1eba91cbdcf3b4ced7e16413
-
SHA512
df8d828ae41b9c2bdb75d486f6ecdebeb8c975694ec4e37b56f95607eaceeaab2acbbe7c83a3f8491d19820a2c0158ab34dcc36e85ca7a1cd1764e3dd34477aa
-
SSDEEP
786432:xnLgHQ+u0t810rtZAicXagU5ybyjvXjcMqoS/dxggOo:xnIltQ0XtrXjcrDFdOo
Malware Config
Targets
-
-
Target
geode-installer-v4.0.1-win.exe
-
Size
37.4MB
-
MD5
481c805b21fd4253fb77b8a4c1837427
-
SHA1
0e6d51d5db91496e308c4d6c9bd21c1eb105b1ed
-
SHA256
b4fb522c3ace596c6464955c11a33f2de2fbc23a1eba91cbdcf3b4ced7e16413
-
SHA512
df8d828ae41b9c2bdb75d486f6ecdebeb8c975694ec4e37b56f95607eaceeaab2acbbe7c83a3f8491d19820a2c0158ab34dcc36e85ca7a1cd1764e3dd34477aa
-
SSDEEP
786432:xnLgHQ+u0t810rtZAicXagU5ybyjvXjcMqoS/dxggOo:xnIltQ0XtrXjcrDFdOo
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/modern-wizard.bmp
-
Size
201KB
-
MD5
3c5626cfc549b9a2fc147f84601a68b1
-
SHA1
df2015ab7aa2eb9943cc5929fb9f7ec14a26b71e
-
SHA256
4873a57c9b2d697e4f8689ff7a2f785fb836a6289bc377320987b5541856234c
-
SHA512
b076a7c5350a8fda2f641c052bab4f87a602f313c91a3c0ceab2da45f9753cd89ee97497a5c67552e65a97de1366e69bfc531f6b728224e86314b90b91fd9511
-
SSDEEP
384:Gx1uncOx0y1ARSzKyHOTEdWTBSYY0Z9XENc5iXbu8naAQHmUn0R/V8jQ1P6g1PKF:0uxVMsf8EbFGHmLRt8jQ1iE95CP
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
Geode.pdb
-
Size
53.3MB
-
MD5
ae9d17339482491550c039875f6420cf
-
SHA1
3d1dbfae15fab04bbbe118ba9b1351330766fa4c
-
SHA256
b600c470c4c79166edad53622751226270ec3e79359de926c84d24d8752d3890
-
SHA512
36acbf014cb8bf3800cf094bb8d407e5b67cb43cc9d1c4b5536f49573368a4dfd62b87cdd52faa16365f285885a0c10787667e7c6fcdd1ea26a09bfbfc3ca373
-
SSDEEP
196608:tk2NgzWMVIWjPIWxbERIa3TzNS9pZMH6+pakekD/MdKMZI7aKAu9hpQRLHZP+e63:tkOmUaio/fU0jVVjq+o
Score3/10 -
-
-
Target
geode/resources/geode.loader/APISheet-hd.plist
-
Size
16KB
-
MD5
6e0f9f03ff057ff0e2230fe568930f95
-
SHA1
83f40cc716fad5157e8a9f43e5b9a58aaad1f606
-
SHA256
29b89c41f3cd3c01a526a548a52f8abf9a43e4feb7af0d46cd7e063009c381b8
-
SHA512
c8fca51b8be435d7857901bd5fefcd32046067f0a105398c8122d86bf3c72d1412f1c4bcf3b161a75b56aaa7bd9195f2d16f1a8fe3c315cfb57866a66253b9ac
-
SSDEEP
96:CyQcEcodcBcGcjec3z+cTcecgcGcyYcac50cmcTzcfeckc9cgcRzc+EEcBHlcbmU:XUzxZd6VMK+
Score3/10 -
-
-
Target
geode/resources/geode.loader/APISheet-hd.png
-
Size
302KB
-
MD5
341798ae7714d503340d98687ddb2fd4
-
SHA1
94f705bdffa62536afeb67914c5836521a1aee9c
-
SHA256
dbdf92d866f638c69cc5ff62c6356c15cc4fd1453189bddb798bb4eef3ff4a1a
-
SHA512
f860b7a4a97f1bbde6710c023bb0510a7fbe8c336d9747ba5d6cc09fbcc032b280a1757fc21e0dffb0acb72e0415fb3c4c480883b327a5d316cf3428194bf63f
-
SSDEEP
6144:IJv9DPA4mEjufvfuTFZB04gVV2o/1ZZjW+B0p/02S+2Ut35H:G9TA4mu8nGZm3VMotzjj0pcvUx5H
Score3/10 -
-
-
Target
geode/resources/geode.loader/APISheet-uhd.plist
-
Size
16KB
-
MD5
e72d9375c4a2c72915c9ff3b980bf830
-
SHA1
7e905948bcbd52d2badd5654cf9fc7647bbc2710
-
SHA256
d97a1861a221542fadacdc2344f180e7da57a632b69fb1a67ff2ce0cdb1b8cd9
-
SHA512
d68c914b22a6fc35d5d5da79406910b2d92a5785f4a706eac2cc7b0ce1841767ec83abb77a0ba4e7144689f3b41e6aa0f4d44ba2a8b546d9a993cfaf1ecb230c
-
SSDEEP
96:CyQcJcwchccEEcjE8VcTAcucHckqYgcVYcBcJ0xgzcgcnuelScHcnYzD8cwcMmcV:XEEjEBUgu1BqGl1ThG4DApIf8g
Score5/10-
Detected potential entity reuse from brand STEAM.
-
-
-
Target
geode/resources/geode.loader/APISheet-uhd.png
-
Size
596KB
-
MD5
a29f7422d849323f41a02447708f1950
-
SHA1
1d9b753835778ff6483a8158d57407b3674fe072
-
SHA256
a0ac3db848e6c95dd284cddbc2326a3ffdf95fbc173f95268bbc157b62d92c44
-
SHA512
5647dc4945c4528f8a147de294b047a2783f66024e61b28d7c85940615d35b4886da492e43746b87a7ec324acd125132e0f37c77b87f25fe112a9d01affc03ce
-
SSDEEP
12288:hLd0V+Ry2kD/chstkHO6FqO7tIO//s0yjamvR9ME6P6LjmWE++aC88:zRHkwecOSZ7WiLaaEC1SCWE
Score3/10 -
-
-
Target
geode/resources/geode.loader/APISheet.plist
-
Size
16KB
-
MD5
a165e6f847feaf3401a9e80e6834e1be
-
SHA1
4fdb46be3c617dab728e54f08b1a30265981ce93
-
SHA256
7e03e949448fc9bee5bf968548919a1bb8b9bd4496e83bbde05bffd3994f5d5a
-
SHA512
c4ad97f08dfe8cc4a12655d719c51fc46c86a595751a18400887c679991a078b4fc861dc1c88aad1e1b17e84ec860b61c51d53f38449b915b52cced2aef17047
-
SSDEEP
96:CyQco4FGcNc2cFczXchcVPccFc/c0c1YcYcF0cBc6zcFcbc3cCcZzs4cgcDBScT8:XXQv/Dva5oLZj2
Score3/10 -
-
-
Target
geode/resources/geode.loader/APISheet.png
-
Size
117KB
-
MD5
256e5b55921e6ef0f0194ec279b5560d
-
SHA1
45ed25b3188fd160015c7fab6a50c55535aa769c
-
SHA256
95f8eabda53553b295e88b0de6b4383121ec3baedaa19a6b81e7f0f582a53b55
-
SHA512
7ac2907a4e9365ff083d53772d43734f419fbed30dfc6006b8b29f304dd8507aa42a457bb19044b1acb0a073c562eb06524f21168f86b9f467deea4ce71282c1
-
SSDEEP
3072:k1GBxUFLCyqQ4Qc5BQdJXqpwRYB5Jf3v18geQVB6HJET1J6srzL2z:k1GK14RBKJXV6VvcHCxL2z
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet-hd.plist
-
Size
28KB
-
MD5
b37efa16cdd383fc1a8d70db34a471eb
-
SHA1
cbe34193485de0eec3cd0c82c0201062fdf58fb4
-
SHA256
85266e450e8e3025fe6254c7afbcfc59eea09f04a0142e767033296e1f58d1d1
-
SHA512
cb7e53075744a8640b119a9dbf99e61c79bdb781e093aadc6758aa6b6101c264933409c9800436e927db8e6a35cf8275d628797dcc4223905e727830e1747fd1
-
SSDEEP
96:CybcRcSzc37NDnbzF3KeQxgPbzQDfrLTSbzkh54wkws3bzDwjgouz6duzFuzHbzK:X5778ha8ym40TWP646digb2Wy
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet-hd.png
-
Size
872KB
-
MD5
f26428a687f1f978ded7d0d9926da9ab
-
SHA1
cd7e45d101b480676b7b00a4515ac261769ad05c
-
SHA256
19f6fe37174122f8dc4c6bae0c2458b039a5aac3f4031f7c5025855827f30896
-
SHA512
3ef3916320f4560f19a9471c63ae4fb71c5dee3e3e891eafa932c69ab0beecaf8b39cb9765f4c30fbd633592a0740447388aed9d0ee51a0378edb05a7ffdccea
-
SSDEEP
24576:dr5Ti8hxxDCLjZS6f+lNU9Mx76sbb2CRFpMq:BsQsZS9g9Mv+8F1
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet-uhd.plist
-
Size
28KB
-
MD5
887084fee2fe22c876a9383df62954f0
-
SHA1
3cf3744abc89d21b4ca24c06712842f48a821818
-
SHA256
59a7533832e463e3e3a678fb9eb95705f0923f33d2106caa6449a1418324bd2d
-
SHA512
8662fdc1bacffd2822eed71f50c79de93d6bcf78d22f457edf113b1df6982c00615c43df0fb055b0a05f421096ffbd59c6b7d5164f31fbd4cbb03aae710521da
-
SSDEEP
384:BViNRnK3ID3idlL1WtkQ1gbjTlB7TqJTGPRfKpgzahuaL8qP:BViK/dlL128qP
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet-uhd.png
-
Size
1.6MB
-
MD5
6fed829833097a07ef73fe3ac58deccd
-
SHA1
c82853a39dc90a111b252c880a704d7e56d024b8
-
SHA256
9fa83c2bc7b90500af5084721ce7030053357bc86df9e3fe7b3fc70465689488
-
SHA512
cfecee0088fbeabffbecaebd8a6acd1e723d75a6fb9a26c38144dc5bd00f82acb5ac3a883af8b8d2e5438db5bcc51b01554beeae3893290d34c9e56cdf28e018
-
SSDEEP
24576:2YUAMzo59Kgueb24Az9XY/FoXA5F2KHII7j5EfI7pC7sWc:6cBFjAz9cQA5YKLYcX
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet.plist
-
Size
28KB
-
MD5
d74130e2b72dd65f96e5388f26ba5b3d
-
SHA1
5e567006cb0042009d10efeadf668d3423dfa069
-
SHA256
27506ab8dc9335a1b0ece32a97d3a10fdad459229e537f304b12e77e00f5f7e3
-
SHA512
cd3082e6e821b348c443a5a64c183cabbd9f5da4de4501c1f32ff60d70cbad2c5a8f9b69ee3e506dd29277d5cf8e45aa0ea01c2a38034381684639de2d835eb7
-
SSDEEP
96:Cybc0cAzcNTl49bz9pxOcQqocQqMcQqJbzcQqyucQqCKcQqucQq2hs9bzfGQNnxA:XlhAwJ88+P7vqKvKvsFHG
Score3/10 -
-
-
Target
geode/resources/geode.loader/BlankSheet.png
-
Size
321KB
-
MD5
426896395bb63f3d8602e0c9fb2ef035
-
SHA1
d56dbf95b43e24a1ffe499f80f834e7c2934a6cf
-
SHA256
8c23230182fb3b4aca7cd4afeef20d4ea9be5db1fbf353f259ab2e8fc09513c3
-
SHA512
42f516425d5ffd7f21fff857bb51f19db8b037708f2a79591c4ad21d395c0c552851bb58e4713b46961e62b51e9aa0f2c47ef52b7e6a22e59838b9d39ea29ebe
-
SSDEEP
6144:wa39Ny4S8ayYasmZxG9wxXkurVwGV6UvSwsUoxCPhHF2jQfE:539zS37ufra5UvSws5xaHF2jl
Score3/10 -
-
-
Target
geode/resources/geode.loader/EventSheet-hd.plist
-
Size
1KB
-
MD5
732790dbc88d1ce29b5304866067b833
-
SHA1
3bff7d8db17a9895f5aab37a946d4cc05a809eb9
-
SHA256
2f328b13098b78d8ff23cca587eb791f8f49370673837324f5c600dc7070d1ed
-
SHA512
da212a50da0c4b93e780e5ae33952b6e5fe0c85d0d5a283ad0ae7cef391c0314ee6d57519cf8b8551345b46ea84669d7f7f0a8c447652217ad57fc139c28d143
Score3/10 -