Overview

overview

8

Static

static

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e337caf2f1d271b6a36a47b99573e840bb090fa04895d46f541eccf00d2e1f16

  • Size

    117KB

  • Sample

    220919-bpkv1aacd3

  • MD5

    4da2846c937c154ea861b95273a7d694

  • SHA1

    d31e9be6d250b48244b9a74aa703098c5b4eb34f

  • SHA256

    e337caf2f1d271b6a36a47b99573e840bb090fa04895d46f541eccf00d2e1f16

  • SHA512

    a4ffe1ced4faf7e4db5681dafb58d93bf8495b460ba7c277a3252c83b27061183f97339a1d5d4ba4f748d78191fd817bc2f808de33eb70cc749dcba18fd21843

  • SSDEEP

    3072:gl0img13tG90HdQ3SqtER11DhcriIg/8Jb1/lNQEzWWXcZAdePu8:gljpD9Q3TtA1tcg8JnNLFXIAI28

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      239KB

    • MD5

      5ddfe645d3cbe2590b34e5afa2deb822

    • SHA1

      df310df675c59e8958aef6ce041e78118696ad5e

    • SHA256

      b13c0037e3ac532d246bd13e0e096509fd2fe9fa688de1bea39596368fa3341a

    • SHA512

      ccd3706dcd7dba5543187ef6375d34eee6a07807046386f7ab0540583a9f583f583bcd7157f2c756dbb0c08f399c65aca20652ee698378d2e255cd41ce7e4ed4

    • SSDEEP

      3072:cBAp5XhKpN4eOyVTGfhEClj8jTk+0h1Rqsrf6XFfuoyTNwTJSFya+Cgw5CKHG:LbXE9OiTGfhEClq9+6btJJUG

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks