General
Target: GoldenSpy (9)
Size: 366KB
Sample: 200702-lkz45bfk86
MD5: 580caea69988031af5b91bbd27789a52
SHA1: 5fe24ee068b71fb96a917b0ced319ed2bb02ab3c
SHA256: ffbeaa5947fc467fce27c765a4e8dc08e45c8ca13e583f5271b19e944e0cb8e3
SHA512: 16a030c672f6f806e8d56634dc548dca89a188bbca25357836dd63bcbfbe805fc2647467e86468a734bae917a8d55bacd40cad0d6a6d1a7cb26996e8a60de0cc
Static task: static1
Behavioral task: behavioral1
Sample: GoldenSpy (9).exe
Resource: win7v200430
Malware Config
Targets
- GoldenSpy Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory