goldenspy | 40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd | Triage

Submit
Reports

Overview

overview

Static

static

1

40fc4d9b7d...fd.exe

windows7_x64

40fc4d9b7d...fd.exe

windows10-2004_x64

Sharing

General

Target

40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd
Size

368KB
Sample

220204-mk8xtahcej
MD5

08a336361d0551bf2ff72ae0eb06f23c
SHA1

f914d02fb056fd59f8dd88ea87b0d30dd97786e3
SHA256

40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd
SHA512

a9be11cad129d138da08621b525afa42eda1d5c14b103e09a7562b0524e186a80bd8286585a0fa59fc64eeddb484b945bdc78abd10a2539b6e395de23050dff8

Score

10^/10

goldenspy backdoor discovery persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd.exe

Resource

win7-en-20211208

goldenspy backdoor discovery suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd.exe

Resource

win10v2004-en-20220113

goldenspy backdoor discovery persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd
- Size
  
  368KB
- MD5
  
  08a336361d0551bf2ff72ae0eb06f23c
- SHA1
  
  f914d02fb056fd59f8dd88ea87b0d30dd97786e3
- SHA256
  
  40fc4d9b7d4cd8414ee27863f630cf3155bcf4ae34b2e35071456f8ac7a944fd
- SHA512
  
  a9be11cad129d138da08621b525afa42eda1d5c14b103e09a7562b0524e186a80bd8286585a0fa59fc64eeddb484b945bdc78abd10a2539b6e395de23050dff8
Score

10^/10

goldenspy backdoor discovery suricata trojan persistence
- GoldenSpy
  Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.
  trojan backdoor goldenspy
- GoldenSpy Payload
- suricata: ET MALWARE GoldenSpy Domain Observed
  suricata: ET MALWARE GoldenSpy Domain Observed
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

goldenspybackdoordiscoverysuricatatrojan

behavioral2

goldenspybackdoordiscoverypersistencesuricatatrojan

© 2018-2024

Terms | Privacy