General
Target: GoldenSpy
Size: 371KB
Sample: 200702-1cg4llas1a
MD5: cd896ff09e0930ce4d0da2c83bb2a3d0
SHA1: 2fab274b4691920b507057d2b70af65a458fa3d7
SHA256: e2f55047a690ed67d5e3a5f90679576e3cca6ceac36bce39dc60b4748a176a09
SHA512: feec2c8644bfcdf8555bb3209ac15812722f8066fb95733fd5eb39a7f28167da6e26086eb5b1794b0ef7a6b46474bf2cc9bfcbdc87d3d9dea87822fc7e8e3a6a
Static task: static1
Behavioral task: behavioral1
Sample: GoldenSpy.exe
Resource: win7
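The four digests above are the identifiers a responder uses to confirm that a file pulled from a host is this exact sample. The following is an added example, not code from the sandbox report or the sample: it compares a file on disk against the report's published hashes, requires agreement on every algorithm before calling it a match, and sanity-checks the IOC list itself. The hash values are copied from the report; the temporary file and its bytes in `demo()` are constructed for illustration and do not hash to those values.

```python
"""Added example, not part of the original sandbox report: check whether a
file on disk is the GoldenSpy sample the report describes by comparing all
four digests it publishes. The IOC values are copied from the report; the
sample bytes in demo() are constructed and do not hash to those values."""
import hashlib
import os
import tempfile
from typing import Dict

# Digests published in the report for GoldenSpy.exe (371KB).
GOLDENSPY_IOCS: Dict[str, str] = {
    "md5": "cd896ff09e0930ce4d0da2c83bb2a3d0",
    "sha1": "2fab274b4691920b507057d2b70af65a458fa3d7",
    "sha256": "e2f55047a690ed67d5e3a5f90679576e3cca6ceac36bce39dc60b4748a176a09",
    "sha512": "feec2c8644bfcdf8555bb3209ac15812722f8066fb95733fd5eb39a7f28167da6e26086eb5b1794b0ef7a6b46474bf2cc9bfcbdc87d3d9dea87822fc7e8e3a6a",
}
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def ioc_set_is_wellformed(iocs: Dict[str, str] = GOLDENSPY_IOCS) -> bool:
    """Catch copy/paste damage in the IOC list before trusting it: every value
    must be hex of the right length for its algorithm."""
    return all(
        k in EXPECTED_HEX_LEN
        and len(v) == EXPECTED_HEX_LEN[k]
        and all(c in "0123456789abcdef" for c in v.lower())
        for k, v in iocs.items()
    )


def _new_hashers() -> Dict[str, object]:
    return {name: hashlib.new(name) for name in EXPECTED_HEX_LEN}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digests(), but streamed so a large sample is read once, in chunks."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(observed: Dict[str, str], iocs: Dict[str, str] = GOLDENSPY_IOCS) -> Dict[str, bool]:
    """Per-algorithm, case-insensitive comparison of observed digests to the IOCs."""
    return {name: observed.get(name, "").lower() == value.lower() for name, value in iocs.items()}


def is_known_sample(observed: Dict[str, str], iocs: Dict[str, str] = GOLDENSPY_IOCS) -> bool:
    """A genuine match agrees on every algorithm. A partial hit (say, MD5 only)
    points to a collision or a mis-transcribed IOC and is treated as no match."""
    return all(match_iocs(observed, iocs).values())


def demo() -> Dict[str, object]:
    """Hash a constructed (non-malicious) temp file through both code paths and
    compare it against the report's IOCs; returns the results worth checking."""
    data = b"constructed placeholder bytes, not the GoldenSpy sample"
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        from_file = digests_of_file(path)
    finally:
        os.remove(path)
    return {
        "streamed_equals_buffered": from_file == digests(data),
        "matches": match_iocs(from_file),
        "is_goldenspy": is_known_sample(from_file),
    }


if __name__ == "__main__":
    print(demo())
```

Requiring all four digests to agree is deliberate: a single-algorithm hit, especially on MD5, is not evidence on its own and should trigger a second look at the IOC source rather than a confirmed identification.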
Malware Config
Targets
Target: GoldenSpy
Size: 371KB
MD5, SHA1, SHA256, SHA512: as listed under General
- GoldenSpy Payload
- Suspicious use of NtCreateProcessExOtherParentProcess (a process is created with an explicitly chosen parent other than the caller, the parent-PID-spoofing pattern)
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node mirror) to enumerate the software installed on the system
- Drops file in System32 directory
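The behavioural signatures above describe observable host activity, so the same logic can be run over an API trace outside the sandbox. The block below is an added example, not code from the report or from any sandbox vendor: it applies four of the listed signatures (Uninstall-key lookup, file dropped into System32, execution of a dropped EXE, loading of a dropped DLL) to a constructed list of trace events. The event schema (`file_create`, `registry_query`, `process_create`, `image_load`) is an assumption modelled on what an API-hooking sandbox records; note that Sysmon does not log registry reads, so the Uninstall-key rule needs a trace source that does. The paths, PIDs and the `{ABC}` subkey in `SAMPLE_EVENTS` are constructed and are not artefacts of the GoldenSpy sample.

```python
"""Added example, not from the sandbox report: apply the report's behavioural
signatures to a constructed API-trace event list. Schema and events are
assumptions for illustration, not data from the GoldenSpy sample."""
from typing import Dict, List

# Registry locations that installer enumeration reads (64-bit and 32-bit views).
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
SYSTEM32_PREFIX = "C:\\Windows\\System32\\"


def norm(path: str) -> str:
    """Case-fold and unify separators so comparisons do not depend on spelling."""
    return path.replace("/", "\\").lower()


UNINSTALL_KEYS_NORM = tuple(norm(k) for k in UNINSTALL_KEYS)


def detect(events: List[Dict]) -> Dict[str, List[str]]:
    """Walk the trace in order and collect evidence per signature.
    'Dropped' means a file the traced process tree itself wrote earlier in
    the trace; executing or loading such a file is what the report flags."""
    hits = {
        "checks_installed_software": set(),
        "drops_file_in_system32": set(),
        "executes_dropped_exe": set(),
        "loads_dropped_dll": set(),
    }
    dropped: Dict[str, int] = {}  # normalised path -> pid that wrote it
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            p = norm(ev["path"])
            dropped[p] = ev["pid"]
            if p.startswith(norm(SYSTEM32_PREFIX)):
                hits["drops_file_in_system32"].add(ev["path"])
        elif kind == "registry_query":
            k = norm(ev["key"])
            if any(k == u or k.startswith(u + "\\") for u in UNINSTALL_KEYS_NORM):
                hits["checks_installed_software"].add(ev["key"])
        elif kind == "process_create":
            img = norm(ev["image"])
            if img in dropped and img.endswith(".exe"):
                hits["executes_dropped_exe"].add(ev["image"])
        elif kind == "image_load":
            img = norm(ev["image"])
            if img in dropped and img.endswith(".dll"):
                hits["loads_dropped_dll"].add(ev["image"])
    return {name: sorted(v) for name, v in hits.items()}


def triggered(findings: Dict[str, List[str]]) -> List[str]:
    """Names of the signatures that fired; software enumeration alone is common
    in legitimate installers, the combination with drop-and-execute is the signal."""
    return sorted(name for name, evidence in findings.items() if evidence)


# Constructed trace (not from the sample): one process drops an EXE to Temp and a
# DLL to System32, enumerates Uninstall entries, runs the EXE, which loads the DLL.
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 1000, "path": r"C:\Users\u\AppData\Local\Temp\svm.exe"},
    {"type": "file_create", "pid": 1000, "path": r"C:\Windows\System32\svminst.dll"},
    {"type": "registry_query", "pid": 1000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABC}"},
    {"type": "registry_query", "pid": 1000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},  # noise: not Uninstall
    {"type": "process_create", "pid": 1000, "child_pid": 1200,
     "image": r"C:\Users\u\AppData\Local\Temp\svm.exe"},
    {"type": "process_create", "pid": 1200, "child_pid": 1300,
     "image": r"C:\Windows\System32\cmd.exe"},  # noise: system binary, not dropped
    {"type": "image_load", "pid": 1200, "image": r"C:\Windows\System32\svminst.dll"},
]

if __name__ == "__main__":
    findings = detect(SAMPLE_EVENTS)
    for name in triggered(findings):
        print(name, findings[name])
```

The rules key on a file being written by the traced process tree before it is executed or loaded, which is the distinction between "executes dropped EXE" and an ordinary process launch of a system binary such as cmd.exe.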