Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd0dfd49642fbb543c0fb90076150193ebfbb890263969e7da99bb042c06907b

  • Size

    100KB

  • Sample

    221001-y63hpsebf9

  • MD5

    732d7e65426d04e7b50556830404fc10

  • SHA1

    51c2a31dd80f6f5ed10018efbe074e0c1e8573fe

  • SHA256

    cd0dfd49642fbb543c0fb90076150193ebfbb890263969e7da99bb042c06907b

  • SHA512

    54ec9ebd2371e5ccfd210341d6125c516a4c83c36c48beef474e99c2767046c2551189955aeade98efc349fb99f4cdf6754a0b5bfe8db02a69f2e0ceaea020db

  • SSDEEP

    3072:347excGxFLPkH9SnbZDaUuSUXJjGy/t9iiW4wFV:3+eGYtPk0Z+Uu1XJjGy/tkibSV

Score
8/10
discovery

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      151KB

    • MD5

      929249810766a10968b94e8a81612a8c

    • SHA1

      a0feddd63c524bf302822a8e6aaaca3b3778905c

    • SHA256

      e8d096ff9607f10651e1a3f1f472e49221bd32e2a3d1024ea163328b3df4dcc0

    • SHA512

      289af9dd00b9f00faab0b019e4123c2f59efda915b8bfb0129f4e6e99cc44c5a564c951989d2553397ee57cb33835f07ad4e239ae67f97d39bf4abeaceb142e7

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hi6uGoo4wFe:AbXE9OiTGfhEClq93dSe

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks