Overview

overview

8

Static

static

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    8de8c8b8f70eb29165f9426a4a54ecc7dc1b8fc57f7b0be2057f9b228e461b4c

  • Size

    117KB

  • Sample

    220919-bpnlwsacd8

  • MD5

    ef93bea0e409dab02826be764a1f13f6

  • SHA1

    2d87112cafa0dfc6a12a0ede7d098f0d1496c2e3

  • SHA256

    8de8c8b8f70eb29165f9426a4a54ecc7dc1b8fc57f7b0be2057f9b228e461b4c

  • SHA512

    d067dc41043b559a021d39405fab95b5db2e8960465c12f92e1f4cc312a9d5ad0a4fe1879013e9f17ff18b039e2dde803bf019eeebe9c8a840b8b6f20c3b8d51

  • SSDEEP

    3072:Pl0img13tG90HdQ3SqtER11DhcriIg/8Jb1/lNQEzWWXcZAdePuj:PljpD9Q3TtA1tcg8JnNLFXIAI2j

Score
8/10
discovery

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      239KB

    • MD5

      5ddfe645d3cbe2590b34e5afa2deb822

    • SHA1

      df310df675c59e8958aef6ce041e78118696ad5e

    • SHA256

      b13c0037e3ac532d246bd13e0e096509fd2fe9fa688de1bea39596368fa3341a

    • SHA512

      ccd3706dcd7dba5543187ef6375d34eee6a07807046386f7ab0540583a9f583f583bcd7157f2c756dbb0c08f399c65aca20652ee698378d2e255cd41ce7e4ed4

    • SSDEEP

      3072:cBAp5XhKpN4eOyVTGfhEClj8jTk+0h1Rqsrf6XFfuoyTNwTJSFya+Cgw5CKHG:LbXE9OiTGfhEClq9+6btJJUG

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks