Overview

overview

10

Static

static

1

GoldenSpy (8).exe

windows7_x64

10

GoldenSpy (8).exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GoldenSpy (8)

  • Size

    366KB

  • Sample

    220707-lz5y2acaem

  • MD5

    09b4079b039d13b47944e4cc7182f96f

  • SHA1

    466a4dff21787949f94678be0c9b5c87e22a0bdc

  • SHA256

    41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3

  • SHA512

    b08d040ed51dfbe846de569973a7d63dc5757db53ef29169ae667f7802a49e3909aba86551ee1a6ab97870084ad06503ac683cd908fc0203b1b16adc16883cee

Score
10/10
goldenspybackdoordiscoverysuricatatrojan

Malware Config

Targets

    • Target

      GoldenSpy (8)

    • Size

      366KB

    • MD5

      09b4079b039d13b47944e4cc7182f96f

    • SHA1

      466a4dff21787949f94678be0c9b5c87e22a0bdc

    • SHA256

      41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3

    • SHA512

      b08d040ed51dfbe846de569973a7d63dc5757db53ef29169ae667f7802a49e3909aba86551ee1a6ab97870084ad06503ac683cd908fc0203b1b16adc16883cee

    Score
    10/10
    goldenspybackdoordiscoverysuricatatrojan

    • GoldenSpy

      Backdoor spotted in June 2020 being distributed with the Chinese "Intelligent Tax" software.

      trojanbackdoorgoldenspy

    • GoldenSpy Payload

    • suricata: ET MALWARE GoldenSpy Domain Observed

      suricata: ET MALWARE GoldenSpy Domain Observed

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks