General

  • Target

    686d5a176920cba7476f1227e3b929af87d2b4b94e2e563cfa10766d59b80be7

  • Size

    120KB

  • Sample

    220919-rfw5nscbg8

  • MD5

    51f62ad91252896984b592391d02bd44

  • SHA1

    452e668f58b941390c4ac5a83b8a5af741ccdd2c

  • SHA256

    686d5a176920cba7476f1227e3b929af87d2b4b94e2e563cfa10766d59b80be7

  • SHA512

    972c8b3d2f684ed67795d5891a8f48c674114bf1d29a9403aa926e1de9d997e5d87b214bc1f34082ba7e948bd68cb7818fd4e2f75f86845284c98850c2967acb

  • SSDEEP

    3072:RvgEL7Yo4PkH9sIbWsVpJ2Aoi9eDrCjSaQmeoH:RvgEPYo4PkFX2896rHuH

Score
8/10

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      238KB

    • MD5

      f524273708c9fca321b762ed15ee1ee9

    • SHA1

      af2ba68730c2e5c08374569a64a1df2287e22587

    • SHA256

      9d6fd723483da1274a4f6ee09d23b0c898b86373a4df292999c0668b63dd68c5

    • SHA512

      451f530366bffd88cad0198c013e136a668eebb670d2d4296e5358a542fa8a33030bf1a8684e4087246ba894b98929a8aaf6d9af88b331418cb83cb573afadf9

    • SSDEEP

      3072:uBAp5XhKpN4eOyVTGfhEClj8jTk+0hqxXIqHkkZWx+Cgw5CKHK:FbXE9OiTGfhEClq9iqHkkZWoJJUK

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks