25bb7989ae0b61679520689b3d554c7845745efd9e0089e1f24fab3ba409e42b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25bb7989ae0b61679520689b3d554c7845745efd9e0089e1f24fab3ba409e42b
Size

85KB
Sample

220919-bj81mseaeq
MD5

10a4123f5f69e1efaa89fa3383e4f100
SHA1

f421a6a9a23bdac9f92f7fc8cbcd6a065ea28bcc
SHA256

25bb7989ae0b61679520689b3d554c7845745efd9e0089e1f24fab3ba409e42b
SHA512

8fae27c223ba2318032966a6e044ac9097e7e6c15a0f740a3ad72d9ffaccc9758599801ec667001e5066ead8dbe5b09a65415dcbd358c373cb85e657819891b0
SSDEEP

1536:GQwHfvMS0xcGxFyhQkrnb1Mq9WbYdpA+UD5Xb+xzzlgVrOre4pUi8OgDf:GnHXMpxcGxFyhQ0bOqYM7TU5b+dp2rCA

Score

8^/10

Malware Config

Targets

- Target
  
  GOLAYA-DEVOCHKA.exe
- Size
  
  181KB
- MD5
  
  fa74fb27d2cd5d0ebfce9d301c3ef918
- SHA1
  
  610c05cf48359612b4e766a409cfcb5d56d43bf6
- SHA256
  
  d607b0c6c9e1e2d323ae1c598f31c440b5d972878614bfa8ae4786bd8834ce1d
- SHA512
  
  df9e3b4b8d5cc65462d329422ff260ddea1a0c73a38d94059387aabfd1b31919ab47aee369150192ebb6edaff10c478d316d583039f74d655cfda152848883fb
- SSDEEP
  
  3072:NBAp5XhKpN4eOyVTGfhEClj8jTk+0hfAWFmEeQqqqqqqqqoX:IbXE9OiTGfhEClq9K9Q
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2