9bd32c921174219c0bfd192a31d6486117449a60c8185e7686f2d1a8f0b2fa47 | Triage

Sharing

General

Target

9bd32c921174219c0bfd192a31d6486117449a60c8185e7686f2d1a8f0b2fa47
Size

85KB
Sample

220919-bjz3qseadn
MD5

44b0d12a958cf7b0265ecd81e0ea887a
SHA1

7d1ba371380f7d8a84c1e8aae59e09f313255a73
SHA256

9bd32c921174219c0bfd192a31d6486117449a60c8185e7686f2d1a8f0b2fa47
SHA512

f115aa2da393cd5398918d6b1b25f33a19713fe5d0483d3dce9c5f08e6035d91c5b19d5849e44db1203bb981a84e8ed79c547412c7bbac2c8949461a0c5fd858
SSDEEP

1536:dQwHfvMS0xcGxFyhQkrnb1Mq9WbYdpA+UD5Xb+xzzlgVrOre4pUi8OgDE:dnHXMpxcGxFyhQ0bOqYM7TU5b+dp2rCz

Score

8^/10

Malware Config

Targets

- Target
  
  GOLAYA-SEXY.exe
- Size
  
  181KB
- MD5
  
  fa74fb27d2cd5d0ebfce9d301c3ef918
- SHA1
  
  610c05cf48359612b4e766a409cfcb5d56d43bf6
- SHA256
  
  d607b0c6c9e1e2d323ae1c598f31c440b5d972878614bfa8ae4786bd8834ce1d
- SHA512
  
  df9e3b4b8d5cc65462d329422ff260ddea1a0c73a38d94059387aabfd1b31919ab47aee369150192ebb6edaff10c478d316d583039f74d655cfda152848883fb
- SSDEEP
  
  3072:NBAp5XhKpN4eOyVTGfhEClj8jTk+0hfAWFmEeQqqqqqqqqoX:IbXE9OiTGfhEClq9K9Q
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2