General

  • Target

    bae6f805d4aca2df35d818473dede4e39ccfd661bb997303844026aeff8c74c4

  • Size

    132KB

  • Sample

    220919-bq89zseddj

  • MD5

    c7145c5f84d302120cc5d60833256daf

  • SHA1

    408a2e59db9da69930b24fe7115ccfca3ddd2aed

  • SHA256

    bae6f805d4aca2df35d818473dede4e39ccfd661bb997303844026aeff8c74c4

  • SHA512

    4e128312164b9e96b81901d56bb5c38e8686e44b79fec2a2301e10ae8ae787bfdf0005d76b335c3cf94f6646bef1e5c7481fdefd06da908bd7b39396ae3f34c1

  • SSDEEP

    3072:frz/BRgKl+bsTJbUeosb3WPIoSdJ64JbE:fP/BRgKwgNUtSWPIoSdw41E

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      238KB

    • MD5

      bd3875791f0a36ed9122352e1b4fe189

    • SHA1

      a3dff7bd641755b5c8b64c4aab59738ec3842d60

    • SHA256

      1973e4168c5aa035cdc9797ffdede9fac7e84064be5019f533a4ac3de2edef0f

    • SHA512

      1709eff81fc9ee3760f3d6128a228655cadd04144d1f877e2c0a04e6ce2215eeb6c2acebca02d741f3a6090a239f1f652547e4c3badcc99db64dc35a8379ff67

    • SSDEEP

      3072:tBAp5XhKpN4eOyVTGfhEClj8jTk+0hd255d5q5hQ2+Cgw5CKHm:obXE9OiTGfhEClq9uk5d5q5hQXJJUm

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks