General

  • Target

    e87d656f580905de2e0d1bd92775a5701dcf8027a2e73a589bdba16905ac42c0

  • Size

    121KB

  • Sample

    220919-jmfghaega2

  • MD5

    b323a4263f6d0c1b88679f14da0a7b8f

  • SHA1

    c702bd06faa985a892887ec96d155a01edc84bc9

  • SHA256

    e87d656f580905de2e0d1bd92775a5701dcf8027a2e73a589bdba16905ac42c0

  • SHA512

    740a8a0490a3a921a13e69cfe525de13fd5172fd0a793b37b89b08bd03a814913da258a5db8a5f78c2d8710e3978e39160c69f05f8da884006e4131b00f9e774

  • SSDEEP

    3072:jvgEL7Yo4PkH9sIbjF+bUl7UrtvgW3EcUJr+s2d7F7y:jvgEPYo4PkrM4lwFW3cty

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      239KB

    • MD5

      d141270ed4ca25be1fd7cd61f1d91f1a

    • SHA1

      b5860a78425caa29e00f575de4bcf8dc3314e966

    • SHA256

      eeb248baee68277a58652fa4a8a5c55357027be32389f6fd01c73bc4c3a1b8fd

    • SHA512

      510814a7ad4416d39372f347b774cb7170900a7fc6e7eb07f84212f861a586b406964f3599bd3533a9884c891fc75335eb7daaa562fe1e60ef2f3b7a7f85b110

    • SSDEEP

      6144:dbXE9OiTGfhEClq9npor2Iw7Wuq1IOlWJJUK:NU9XiuiSoTlc

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
