Overview

overview

10

Static

static

1

GoldenSpy (8).exe

windows7_x64

10

GoldenSpy (8).exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ea5210f8094ec221afc137bd4224e46528305922d122b7113cd5104cc0de312

  • Size

    349KB

  • Sample

    220520-qn18xsdga4

  • MD5

    a903e65871991efdf7b444578378447f

  • SHA1

    90d88c3a193e79dc8a573fe46194b979db1aca77

  • SHA256

    6ea5210f8094ec221afc137bd4224e46528305922d122b7113cd5104cc0de312

  • SHA512

    736e665863a03c6cd932d3f774bf49e9c72dea4c7ff190ed4e7f820626f9080de04075edc288e7a3592359fefc88a4e3d14fbb2de685ce94c777d6eb9eae603e

Score
10/10
goldenspybackdoordiscoverysuricatatrojan

Malware Config

Targets

    • Target

      GoldenSpy (8)

    • Size

      366KB

    • MD5

      09b4079b039d13b47944e4cc7182f96f

    • SHA1

      466a4dff21787949f94678be0c9b5c87e22a0bdc

    • SHA256

      41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3

    • SHA512

      b08d040ed51dfbe846de569973a7d63dc5757db53ef29169ae667f7802a49e3909aba86551ee1a6ab97870084ad06503ac683cd908fc0203b1b16adc16883cee

    Score
    10/10
    goldenspybackdoordiscoverysuricatatrojan

    • GoldenSpy

      Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.

      trojanbackdoorgoldenspy

    • GoldenSpy Payload

    • suricata: ET MALWARE GoldenSpy Domain Observed

      suricata: ET MALWARE GoldenSpy Domain Observed

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks