General

  • Target

    c19ec097b90c68c2a6822490339d4ee1319010d99970102f3e149c383734303f

  • Size

    119KB

  • Sample

    220919-rdzssacah9

  • MD5

    659cded01cb73f3ba42ba31baa75fa92

  • SHA1

    9d7da601378a7e183c46d3f5b079a1f6a602e00a

  • SHA256

    c19ec097b90c68c2a6822490339d4ee1319010d99970102f3e149c383734303f

  • SHA512

    dec238d789f9a502c748fbd9ff5fceccd37461e7e891eacf7910e648529e556ef4c64165444bb716b23a5f624b99178c0a4f9a2671c734f2198717f28d3b4a2b

  • SSDEEP

    3072:snHXMpxcGxFyhQ0bOqYDl8WgmFHZ47et+jGkNby6gXr:8HmGY/o0h87mUSt+jRuZ7

Score
8/10

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      239KB

    • MD5

      471ee52782395766d6e60db78eea6bf1

    • SHA1

      86886592b9281a9b640c06b3cb7742955405d0ee

    • SHA256

      f251a94739170aaf1ad716e6f31645cc3bb2350fc5e0ccc135511d9618f0386c

    • SHA512

      c2759eff3ce5ebebbe779bda325a1b35d1c9a10c06f15c99f1b3ac760ed9376540a20c0bb99f406db46b6e20ae361ac7c41bc5b1edfc981daed89bc2f89327dd

    • SSDEEP

      3072:OBAp5XhKpN4eOyVTGfhEClj8jTk+0hbRBrICPwXAFxTTw1BV56nt1UrknjaT5/e4:lbXE9OiTGfhEClq9aW6EBMbJ4JJUG

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks