Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8693eefa0c2165a6a830e9cc044326229522d9b2b65c120bb7129c7eebd466a9

  • Size

    99KB

  • Sample

    220919-vyyb8seadq

  • MD5

    5d7d217da30855b47630d46438d8a62c

  • SHA1

    2ed384750e875ce6ee2669588d0ffbbb6f9d43a3

  • SHA256

    8693eefa0c2165a6a830e9cc044326229522d9b2b65c120bb7129c7eebd466a9

  • SHA512

    db22a2737d5f19ddf806da31b90996af735bb7bbe492aab462840cd0267faccf3f83daaa839e934ea0c871e89dac1414daa863f971515f7eb931b81bc96de2c7

  • SSDEEP

    3072:J47excGxFLPkH9SnbZDazo21mLtQqVI+8iXv:J+eGYtPk0Z+zo6JDiXv

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      149KB

    • MD5

      e1fb70408c7945c6524c321063bd9570

    • SHA1

      ebcd6a63fac9609c46e9c84708aa1e5701ee7775

    • SHA256

      3e2da7a655e400f9e6ad442d4db21bac0a9528bc825aaaa8fdd97406458a59ed

    • SHA512

      58751bd094dfc28c8b83085a480f70d1dfc97b990e69d90c4abe6ad5ec68c2a215445a664d5287bc624eab4175c2479fe6f0802b045fea61c12449af05f34814

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0higWrUzM/XP:AbXE9OiTGfhEClq9GWruyXP

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks