goldenspy | 2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190 | Triage

Submit
Reports

Overview

overview

Static

static

1

edadf30df1...0b.exe

windows7_x64

edadf30df1...0b.exe

windows10-2004_x64

Sharing

General

Target

2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190
Size

351KB
Sample

220204-mmgakshcfr
MD5

ed8a45d45c7dceb822c739ff878525e5
SHA1

8c62c96c46133ac71995b294cf2209d1b8a3e5a5
SHA256

2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190
SHA512

8cacd4759ed75a0bf04b2d5513700ea48827b9fae2028ac453603036e96928e581dcc13294fb32aee97583e77e5eed53bf4c6621d6ebde97f33d5eeb050fa1d7

Score

10^/10

goldenspy backdoor discovery persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

edadf30df18e6a7ea190041cf3bd4a0b.exe

Resource

win7-en-20211208

goldenspy backdoor discovery suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

edadf30df18e6a7ea190041cf3bd4a0b.exe

Resource

win10v2004-en-20220113

goldenspy backdoor discovery persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  edadf30df18e6a7ea190041cf3bd4a0b
- Size
  
  366KB
- MD5
  
  edadf30df18e6a7ea190041cf3bd4a0b
- SHA1
  
  b33c269642bf42b8c71988b9ddbe298e00b65ef1
- SHA256
  
  3b8761d2e19bc5185f55cc2f575bbe54a45a52fc1c8650a60f1bd13e01e24655
- SHA512
  
  0a22b64f763aa5bf471e2b889899665fa060ae4bd2288c2dd07731aa7411c7d6c2be0c0e3d619adcf064a1815f4a9f641815076970bb690d1ef9390811a1a810
Score

10^/10

goldenspy backdoor discovery suricata trojan persistence
- GoldenSpy
  Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.
  trojan backdoor goldenspy
- GoldenSpy Payload
- suricata: ET MALWARE GoldenSpy Domain Observed
  suricata: ET MALWARE GoldenSpy Domain Observed
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

goldenspybackdoordiscoverysuricatatrojan

behavioral2

goldenspybackdoordiscoverypersistencesuricatatrojan

© 2018-2024

Terms | Privacy