Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e884e669bf31b2d3e48de0394f54d2c2e806117e68a82d358e9becf1d926c392

  • Size

    99KB

  • Sample

    220919-wcpzeaegen

  • MD5

    16a18a68514ce83fade56d889d3938fd

  • SHA1

    e9f5e26a7feb9ed41a7511a8c723c13ab91f5286

  • SHA256

    e884e669bf31b2d3e48de0394f54d2c2e806117e68a82d358e9becf1d926c392

  • SHA512

    c33788d7392daf839d56d66a3d9138809fc4766bfee737a482c41555feccc4b83872194afbbcded18545a1db4f047b6e822160b162298e53feb9cc0b9e89ead0

  • SSDEEP

    3072:y47excGxFLPkH9SnbZDabWDLZKTOrvn7BWC:y+eGYtPk0Z+8Lhrvn4C

Score
8/10
discovery

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      149KB

    • MD5

      ff086d0d59b161c9b6c042e902323622

    • SHA1

      a5533ae498366582e9b08cc28821ffd1e00f92a7

    • SHA256

      abdc11a0da5cdc6e005a8fa09cf6398ec337cf7801cf5231e50e987345812ea3

    • SHA512

      c779d69cad19597bf9a619d6f4599d7df4219d77e6144ee694c5076db56013e34781a691d93e6caac15a861b404bc1c15fdce8e70cb02b90ed7a0cc7015738a6

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hieh/zn7BWR:AbXE9OiTGfhEClq9Mh/zn4R

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks