General

  • Target

    GoldenSpy

  • Size

    371KB

  • Sample

    200702-1cg4llas1a

  • MD5

    cd896ff09e0930ce4d0da2c83bb2a3d0

  • SHA1

    2fab274b4691920b507057d2b70af65a458fa3d7

  • SHA256

    e2f55047a690ed67d5e3a5f90679576e3cca6ceac36bce39dc60b4748a176a09

  • SHA512

    feec2c8644bfcdf8555bb3209ac15812722f8066fb95733fd5eb39a7f28167da6e26086eb5b1794b0ef7a6b46474bf2cc9bfcbdc87d3d9dea87822fc7e8e3a6a

Malware Config

Targets

    • GoldenSpy

      Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.

    • GoldenSpy Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks