Overview

Task                     Platform             Score
Overview                 -                    9
Static                   -                    7
GlassWireSetup.exe       windows7-x64         9
GlassWireSetup.exe       windows10-2004-x64   9
$PLUGINSDI...St.exe      windows7-x64         9
$PLUGINSDI...St.exe      windows10-2004-x64   9
$PLUGINSDI...nu.dll      windows7-x64         3
$PLUGINSDI...nu.dll      windows10-2004-x64   3
$PLUGINSDI...em.dll      windows7-x64         3
$PLUGINSDI...em.dll      windows10-2004-x64   3
$PLUGINSDI...gs.dll      windows7-x64         3
$PLUGINSDI...gs.dll      windows10-2004-x64   3
$PLUGINSDI...ec.dll      windows7-x64         3
$PLUGINSDI...ec.dll      windows10-2004-x64   3
$PLUGINSDI...er.dll      windows7-x64         9
$PLUGINSDI...er.dll      windows10-2004-x64   9
$PLUGINSDI...86.exe      windows7-x64         7
$PLUGINSDI...86.exe      windows10-2004-x64   7
GWCtlSrv.exe             windows7-x64         9
GWCtlSrv.exe             windows10-2004-x64   9
GWEventLog.dll           windows7-x64         9
GWEventLog.dll           windows10-2004-x64   9
GWIdlMon.exe             windows7-x64         9
GWIdlMon.exe             windows10-2004-x64   9
GWUnlock.exe             windows7-x64         9
GWUnlock.exe             windows10-2004-x64   9
GWUpgradeMonitor.exe     windows7-x64         9
GWUpgradeMonitor.exe     windows10-2004-x64   9
GlassWire.exe            windows7-x64         9
GlassWire.exe            windows10-2004-x64   9
Qt5Core.dll              windows7-x64         1
Qt5Core.dll              windows10-2004-x64   3
Qt5Gui.dll               windows7-x64         1
Qt5Gui.dll               windows10-2004-x64   1
General

Target: GlassWireSetup.exe
Size: 78.8MB
Sample: 240630-hzxqwaxhmn
MD5: 7b6cc2a288ff0738ca69d4bf6688b5e2
SHA1: 06c050428c0708d2f20d464f4ec43b3518dab58e
SHA256: 4ddaa14f57744b2cac875ffb15a09e49246b9a45ab3c1122dca7aa47f820a1f2
SHA512: 25bd4b3680a0b83949b1b9b27307be14e22946e44415f1525fd42d6d32f7c414659b5652716220be34a3f65cd22dbd351b4309bd279f3fb72cd5178cc9b26da1
SSDEEP: 1572864:V0SU7bAyCN59pjGHal/j7CKh3/YtSh/2T3+IzVgEu6ns8g2zZxC5snRKEn/zNHMJ:V0SU7EJvrl7+C3AoNg35Zg12fC5snjxW
Behavioral tasks

Task            Sample                            Resource
behavioral1     GlassWireSetup.exe                win7-20240221-en
behavioral2     GlassWireSetup.exe                win10v2004-20240611-en
behavioral3     $PLUGINSDIR/GWInstSt.exe          win7-20231129-en
behavioral4     $PLUGINSDIR/GWInstSt.exe          win10v2004-20240508-en
behavioral5     $PLUGINSDIR/StartMenu.dll         win7-20240611-en
behavioral6     $PLUGINSDIR/StartMenu.dll         win10v2004-20240508-en
behavioral7     $PLUGINSDIR/System.dll            win7-20240508-en
behavioral8     $PLUGINSDIR/System.dll            win10v2004-20240611-en
behavioral9     $PLUGINSDIR/nsDialogs.dll         win7-20240508-en
behavioral10    $PLUGINSDIR/nsDialogs.dll         win10v2004-20240508-en
behavioral11    $PLUGINSDIR/nsExec.dll            win7-20240611-en
behavioral12    $PLUGINSDIR/nsExec.dll            win10v2004-20240508-en
behavioral13    $PLUGINSDIR/nsihelper.dll         win7-20240220-en
behavioral14    $PLUGINSDIR/nsihelper.dll         win10v2004-20240611-en
behavioral15    $PLUGINSDIR/vc_redist.x86.exe     win7-20240221-en
behavioral16    $PLUGINSDIR/vc_redist.x86.exe     win10v2004-20240508-en
behavioral17    GWCtlSrv.exe                      win7-20240508-en
behavioral18    GWCtlSrv.exe                      win10v2004-20240611-en
behavioral19    GWEventLog.dll                    win7-20240419-en
behavioral20    GWEventLog.dll                    win10v2004-20240508-en
behavioral21    GWIdlMon.exe                      win7-20231129-en
behavioral22    GWIdlMon.exe                      win10v2004-20240508-en
behavioral23    GWUnlock.exe                      win7-20240611-en
behavioral24    GWUnlock.exe                      win10v2004-20240508-en
behavioral25    GWUpgradeMonitor.exe              win7-20240611-en
behavioral26    GWUpgradeMonitor.exe              win10v2004-20240611-en
behavioral27    GlassWire.exe                     win7-20240220-en
behavioral28    GlassWire.exe                     win10v2004-20240508-en
behavioral29    Qt5Core.dll                       win7-20231129-en
behavioral30    Qt5Core.dll                       win10v2004-20240611-en
behavioral31    Qt5Gui.dll                        win7-20240419-en
behavioral32    Qt5Gui.dll                        win10v2004-20240611-en
Malware Config
Targets

Target: GlassWireSetup.exe
Size: 78.8MB
MD5: 7b6cc2a288ff0738ca69d4bf6688b5e2
SHA1: 06c050428c0708d2f20d464f4ec43b3518dab58e
SHA256: 4ddaa14f57744b2cac875ffb15a09e49246b9a45ab3c1122dca7aa47f820a1f2
SHA512: 25bd4b3680a0b83949b1b9b27307be14e22946e44415f1525fd42d6d32f7c414659b5652716220be34a3f65cd22dbd351b4309bd279f3fb72cd5178cc9b26da1
SSDEEP: 1572864:V0SU7bAyCN59pjGHal/j7CKh3/YtSh/2T3+IzVgEu6ns8g2zZxC5snRKEn/zNHMJ:V0SU7EJvrl7+C3AoNg35Zg12fC5snjxW
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/GWInstSt.exe
Size: 2.2MB
MD5: 9a62cce787dfcc54209313a7f9fb6671
SHA1: 35308ca6dfe2862f88f9ba60b4ddb42cfa188f0e
SHA256: 9df71be3506e9bdd85b3e688a7672fbad674c6ae4a2e1f6cd40326c07e1b839a
SHA512: 681c4144ce964780c19dae317fc861e4bbccb4130738d00fb1424b9f3c115c05c98b506952a017c03ce1cdecfc4bcf257b0ffacc5765e0dea4e817d46e1cd397
SSDEEP: 49152:zU2GpDy79bnUKbpxU30TzlefgDvL+M7bG8uPvkkqqFcMfGJMEf:4bDsXbpnTzlLaMHG8AqqFrS
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/StartMenu.dll
Size: 7KB
MD5: a8c86996c4230c2209f5927f21321377
SHA1: 45ce0ab93cb6a3a594e54878cce05df724024393
SHA256: 110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
SHA512: 69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
SSDEEP: 96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 4add245d4ba34b04f213409bfe504c07
SHA1: ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA256: 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA512: 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
SSDEEP: 192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 1d8f01a83ddd259bc339902c1d33c8f1
SHA1: 9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA256: 4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA512: 28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
SSDEEP: 96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
Size: 7KB
MD5: b4579bc396ace8cafd9e825ff63fe244
SHA1: 32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c
SHA256: 01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b
SHA512: 3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a
SSDEEP: 96:JwzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuH0DQ:JTQHDb2vSuOc41ZfUNQZGdHM
Score: 3/10

Target: $PLUGINSDIR/nsihelper.dll
Size: 5.9MB
MD5: 96955b513868646bff7b65b2e671e43f
SHA1: a36c0c4191e0ab5bd3948de17b94fb413af3a52c
SHA256: 01615b77079a837aee522812eb82d60bd4c20c3c0a5a6739b623d3d18b2513ac
SHA512: b60fd0895f13958f089dbf1f11777a6372c9f6ec2ab77416f7f92d7e58dc5079f4523d1cbd013e9278fc1adda273a592be748e1be8b6b61dd61a70ed66c5f76f
SSDEEP: 98304:7GfeZrOyJpVt1z1qKodLSabEyMbz7j5SKrnnfKO4SLcjixplkSQNe:KfeZDDB1wLxwyMn5TDnfV4nkpse
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: $PLUGINSDIR/vc_redist.x86.exe
Size: 13.1MB
MD5: dd0232ee751164eaad2fe0de7158d77d
SHA1: 7391663f07cba7c99f3503929fcd3561f1f6a552
SHA256: 4c6c420cf4cbf2c9c9ed476e96580ae92a97b2822c21329a2e49e8439ac5ad30
SHA512: cc82a7a8ead3c036559109d4daee623622edd4b4b5241545efa0e36d906c1af10d4056ad003f8849475f4e1e625eb9f27de7a9e13b28ac7ab88da99d5f926c2e
SSDEEP: 393216:eEHMlptVYmfr7yBG/4u1ma3R9kCX83LHqD:eeApttD7yBG/Fm8Hg2D
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Target: GWCtlSrv.exe
Size: 8.3MB
MD5: 4bd8532fd72e25bdd49f004a25aa04f7
SHA1: e90e057f783ed9b533c7b03ae4f12b5393e26b67
SHA256: 05615a4cbdca16f882301486ebf4419a049d408d696e04421c8ec5e6f3181708
SHA512: b356ca56ef2408e21f42fa21ed3cfb7bb1f366bb75f404c7ed737a041606c137b430400ccfceb9c972ee55804f456bdadb218231a7a94e8b5b32fe71f82606b7
SSDEEP: 98304:Ap2FTVnmyy3uj3+wm7n/uPyvZHz9HRX+pPIk1DNrMRdRgVDJUpx90w2B42weYjEi:AWTv+17nRZTLuxfRawwXpjEzKy/9k1
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: GWEventLog.dll
Size: 4.5MB
MD5: 1e1b855cd1cc8bc00c0dbb0fad8e75dd
SHA1: e77da5a642e76da25f20726d7490ac9333d1ca2d
SHA256: a97e9c4955460de4449b509198363ca5e35e31b29ea07766741744b559614fa8
SHA512: 339fff314fc5d16e78ff3755200e7cccb2dbb8d8a040a8c3f532dd9aecf6ae0563fc2ea44be55558dda2d036aa878f0e37e716b502528eec64ffca98b73a79ed
SSDEEP: 98304:PmnQGvFmplY+XPmgh/vxqPYhc335Z2nRfe5bWGHtXbVkOz0jC64GBT8T:PKmpBmCwleRfCbWLzjChGxW
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: GWIdlMon.exe
Size: 5.3MB
MD5: 5d333cdf3eced3cf2f61c07cc15a8eba
SHA1: 6321f00a6f39dc1f8b22cafccb6c5fe47aa29e65
SHA256: fdf09a997ff577218a43fab6767d3a6239f12ffe59d9917d44e540bc23fdd252
SHA512: 51b61345f81549693900e7b2e1592be0da03e0e3fee5c75885cb4af3e851f757097e5d18d625cb3868ea5f5d4bfc9ca6c1d8fda1ba17eb8ae48a905b82c7faba
SSDEEP: 98304:2wnrJIKFej1+izXGP/JRZOqZVZpSxhJO5vsI7k7LJKSm24rfUN9tjjtNB:7n9xex+iiJRMqNp8hM5EI7k7opfrfUNZ
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: GWUnlock.exe
Size: 3.9MB
MD5: e3b8025f68218afe124eac6fe003eff6
SHA1: 8ec765a41e631c5d77882e71d48f63fc0d0ffbbd
SHA256: f424e81a5504896a2f96a56433e086daf86020d3503d88b67fa885a75eb79389
SHA512: 136f9a72dc76a412669675b7d17527f5d1d63ae793afddce0554e070eafc954c8b33683fc2c3dd13b64f09437f05ef796edc4140d6421f15c50387a8a8a83962
SSDEEP: 98304:SKaIL5ysioj6zmmKO0msVe/GZfqOOijGEeJJqhhMmWb:2IL5Z+mmKO0vy03tpib
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: GWUpgradeMonitor.exe
Size: 7.4MB
MD5: a351396335a81329006c0765d5e3f7d6
SHA1: e1ab7aaa5e71b71a2203e9399201737e041f2878
SHA256: 03a2cf2c6e265523e81b3ae326a14328a676802d35047ab2e241136286d0dc34
SHA512: 5d17fb62f6e06e2693a4a47bf0f8599437167862eecaeb940465c1c6cca92a49503f649fe11ebb408b5bdae417b04125adcd12ef53da4bfaa83feea626e260e6
SSDEEP: 196608:0OBk+ju1viOeuw4QNWbwd/ogrzVF/QI+Fz2sP6gSF:vDu1viUMKarZN+B2+Zk
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: GlassWire.exe
Size: 11.4MB
MD5: 0cdf65d9e3da8dcf541ac718aa4cac26
SHA1: 5cd8aa79429ceee076d9f38b56863550ac3be478
SHA256: 18bb786859c67faa73a71f305784a33e062445b1ba5e7114ce1f5f3d924fe766
SHA512: e3d87710594f835fc6b4ebbcc06263b4a91340cf55c0c909e62f66c712b86aefb91bd9c9b8f9985a518b7e06345cbc3bc4315562f7bb2c2ad0a15b5439e99701
SSDEEP: 196608:F2S9fwxgol7RKTnh/lxJBjvy9xM0uI6HGWnB7LlyjC2g1ZH2cP:F2qCN4TdlxHjv62RfB7hoCLZW6
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Qt5Core.dll
Size: 5.1MB
MD5: e1dc6cab6ffae535256b534d7d9807b6
SHA1: 55cadb1d437e83e5f4720fc3d4d58d5ce41d6e6c
SHA256: 97b5274bb4f1a746318cfdcce8cccc5dc81560825876ce27a68f0f416299acbb
SHA512: c3692fa72398a88f05247dc13b814073462b1df4a336ad3624769745e0e4a77d4ca549397477792c63714d286e6185d7abca3f8fbb64df6ae1df474c366f605b
SSDEEP: 49152:r1AH+7g4QrRpvOK8Bbl+Gy+/LZsxRFNHlZTlJsv6tWKFdu9C/cPk4VHEYI9CV4en:p5gje5lCjzJsv6tWKFdu9CtvDhgwc1
Score: 3/10

Target: Qt5Gui.dll
Size: 5.6MB
MD5: 09d02d3a0a98525e416feffd2b759028
SHA1: 7f84faa29987dd60c5e1651096efa8b4b95d70e1
SHA256: f84f0c5e177f12b1f9e7054ff15bf9640cce8da8bbaf1d08bc40636227bc105a
SHA512: e622acba8f6cff71061aafb74f5b9006477d521ead4e48f4f0b1fffa70b85b822fbe309de703ab0dc38d87beede8881766dd45330465365a5d6a32b71119228d
SSDEEP: 49152:zKUDGaBVW3sDAPNaiCZPcSnt8KQ6oOtA/tiG7WwjrAxLXwQ98vd+hc0WM66fL5cn:WUKssPdOy/tZWnXThVc5tnB6NDr2
Score: 1/10