General

  • Target: 3916479c1082724a6dd52d3ed78ccfb4c3a64a8425231a1184ab5f9acc9929fd
  • Size: 114KB
  • Sample: 220919-rfxq7sgafp
  • MD5: 034402bc2d10b0e1e5063e6b44a64809
  • SHA1: bc450926496e5b7bf9af0daa79ae0abf9473422a
  • SHA256: 3916479c1082724a6dd52d3ed78ccfb4c3a64a8425231a1184ab5f9acc9929fd
  • SHA512: d6587fec64e2a81fcb385f20f1044b2beef82450715a046775fa1adde06656fcce4128e5336014c963e0224cecee0bf3cbd4b78a748095026a8f6819ac799969
  • SSDEEP: 3072:+l0img13tG90HdQ3Sqt7PyhbqpfQMJFPhbseoauN7EJ/0wa2j:+ljpD9Q3Tt7PyVcpH5uVK/0Gj

Score: 8/10

Malware Config

Targets

    • Target: GOLAYA-RUSSKAYA.exe
    • Size: 238KB
    • MD5: 84fafce88584c5a871cb0d784945d456
    • SHA1: fd2c40c816e253420db99f2c15a734c3a89339cf
    • SHA256: 2e44d43ddac23374417e7dfafab8e773dd0424ae2632a559c601a6f4aa860395
    • SHA512: 371cd44fb4fc9d1b4b90802fddf0cf06169cdd02a4627651f46d7ef6eb51ce7b30a9c21d22f11a0637a8c09263d1cbe394fb6f879d4d72ceb56823385e94ba98
    • SSDEEP: 3072:pBAp5XhKpN4eOyVTGfhEClj8jTk+0hUy8FlDS+Cgw5CKHm:sbXE9OiTGfhEClq9v1jJJUm

    Score: 8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks