goldenspy | 4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376 | Triage

Submit
Reports

Overview

overview

Static

static

1

GoldenSpy (10).exe

windows7_x64

GoldenSpy (10).exe

windows10_x64

Sharing

General

Target

GoldenSpy (10)
Size

4.3MB
Sample

200702-4gxmmwxrln
MD5

f27d1590ba0aaad5d3c0831cf3e33df6
SHA1

282cc1f9cfec1ae9d07a8a6add327977f405244f
SHA256

4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376
SHA512

a65078a14ae14c417d4db497e220e1fcbd29e76bcc971fd7ff5f560498be1d717622def506df8e7782b8501c6defe356befa80e6769873124a65e93368d09061

Score

10^/10

goldenspy backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

GoldenSpy (10).exe

Resource

win7v200430

persistence trojan backdoor goldenspy

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GoldenSpy (10).exe

Resource

win10

persistence trojan backdoor goldenspy

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  GoldenSpy (10)
- Size
  
  4.3MB
- MD5
  
  f27d1590ba0aaad5d3c0831cf3e33df6
- SHA1
  
  282cc1f9cfec1ae9d07a8a6add327977f405244f
- SHA256
  
  4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376
- SHA512
  
  a65078a14ae14c417d4db497e220e1fcbd29e76bcc971fd7ff5f560498be1d717622def506df8e7782b8501c6defe356befa80e6769873124a65e93368d09061
Score

10^/10

persistence trojan backdoor goldenspy
- GoldenSpy
  Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.
  trojan backdoor goldenspy
- GoldenSpy Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencetrojanbackdoorgoldenspy

behavioral2

persistencetrojanbackdoorgoldenspy

© 2018-2024

Terms | Privacy