General

  • Target: 2631d07fecf0e7853527d778298b34b71a66dbe80cb2021d6b7ea1cce161bfa6
  • Size: 99KB
  • Sample: 220919-v5xdhsedcm
  • MD5: ef47d4d8e60e4192fe5a555b55053b4e
  • SHA1: 9b1d344f098391c062561a4d0094c08d7e2ab5d2
  • SHA256: 2631d07fecf0e7853527d778298b34b71a66dbe80cb2021d6b7ea1cce161bfa6
  • SHA512: 0c842f0f0e1f1f2e67faddd9f077afe362e64957b1572309279b4aea647172ea28fa7776cba9b9c117931cf438e420817706cfa042f7766e42c01d197d4d7879
  • SSDEEP: 1536:+Q47WXxcGxFz2SPkIJNE9SnblzDaJ/BNv205NBCd91dJnysGKd+gqYfMazK:V47excGxFLPkH9SnbZDaPVC7smpfM7

Score
8/10

Malware Config

Targets

    • Target: GOLAYA-PHOTO.exe
    • Size: 149KB
    • MD5: 977c93c6bc8681e1c6f4957be7346fb3
    • SHA1: d6dd40443ab855f7723163573a99d2073f3e5ab7
    • SHA256: 49ad394c9e66be0dbdbb2f39ae0dec9d73524c5adcfa0b2ab42a5c9f021c860a
    • SHA512: 43a35a1cd5b232c1c905c0d99b837cd0cb62da18fd2f347ca19ca93ae0a0f00156f16ae105e4f26190008d791535d76960c3c5e7b3090316c33a9364147e4158
    • SSDEEP: 3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hizJREUzffMe:AbXE9OiTGfhEClq9XKUbMe

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
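The two registry checks above, together with the Drivers-directory drop, are the kind of behaviour a sandbox derives from raw API events. The script below is an added example, not the report's or the sandbox's own signature logic: it classifies constructed, simplified event lines (op|process|path) against the standard Windows locations for each behaviour. The Geo key under HKCU\Control Panel\International, the Uninstall key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion and the C:\Windows\System32\drivers directory are the real locations; that the sample touched exactly these paths is an assumption, and "Blocklisted process makes network request" is left out because the blocklist itself is not on the page.

```python
"""Flag the sandbox behaviours listed in this report from raw event lines.

Added example, not the report's or the sandbox's own signature engine.
Events use an assumed, simplified "op|process|path" schema; the key and
directory paths are the standard Windows locations, but the exact paths the
sample touched are not on the page.
"""
import re
from collections import defaultdict

# Constructed events (not real sandbox output). The non-matching lines show
# that ordinary registry reads and temp-file writes are not flagged.
SAMPLE_EVENTS = [
    "RegOpenKey|GOLAYA-PHOTO.exe|HKCU\\Control Panel\\International\\Geo",
    "RegQueryValue|GOLAYA-PHOTO.exe|HKCU\\Control Panel\\International\\Geo\\Nation",
    "RegOpenKey|GOLAYA-PHOTO.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "RegEnumKey|GOLAYA-PHOTO.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID}",
    "RegQueryValue|GOLAYA-PHOTO.exe|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName",
    "FileWrite|GOLAYA-PHOTO.exe|C:\\Windows\\System32\\drivers\\etc\\hosts",
    "RegQueryValue|explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
    "FileWrite|GOLAYA-PHOTO.exe|C:\\Users\\user\\AppData\\Local\\Temp\\x.tmp",
]

# signature name -> (operations that count, path pattern). Case-insensitive
# because registry paths and NTFS paths are case-insensitive on Windows.
RULES = {
    "Checks computer location settings": (
        {"RegOpenKey", "RegQueryValue"},
        # Geo\Nation holds the numeric GEOID, Geo\Name the ISO country code.
        re.compile(r"^HKCU\\Control Panel\\International\\Geo(\\(Nation|Name))?$", re.I),
    ),
    "Checks installed software on the system": (
        {"RegOpenKey", "RegEnumKey", "RegQueryValue"},
        # 64-bit and 32-bit (WOW6432Node) Uninstall hives, key itself or subkeys.
        re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Drops file in Drivers directory": (
        {"FileWrite", "FileCreate"},
        re.compile(r"^C:\\Windows\\System32\\drivers\\", re.I),
    ),
}


def parse_event(line):
    """Split one 'op|process|path' line; the path may itself contain '|'."""
    op, proc, path = line.split("|", 2)
    return op, proc, path


def classify(events):
    """Map each fired signature to the (process, op, path) events behind it."""
    hits = defaultdict(list)
    for line in events:
        op, proc, path = parse_event(line)
        for name, (ops, pattern) in RULES.items():
            if op in ops and pattern.match(path):
                hits[name].append((proc, op, path))
    return dict(hits)


def summarize(events):
    """Map each fired signature to the set of processes that triggered it."""
    return {name: {proc for proc, _, _ in evs} for name, evs in classify(events).items()}


if __name__ == "__main__":
    for name, procs in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{name}: {', '.join(sorted(procs))}")
```

Feeding real sandbox output only needs parse_event adapted to that tool's event format; the rules are keyed on path prefixes, so a sample that reads Geo\Name instead of Geo\Nation, or enumerates the WOW6432Node hive, is still caught.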

MITRE ATT&CK Enterprise v6

Tasks