General

  • Target

    a0ddec64fba067a1becacde868688d5be3efe378aa085684bd67347a4a0f77d7

  • Size

    100KB

  • Sample

    221001-y6hhjaebd8

  • MD5

    73a13aa2f3bf37a3fa4242388f030fa0

  • SHA1

    278f83cb8b3211782353110dcabd551b5488d943

  • SHA256

    a0ddec64fba067a1becacde868688d5be3efe378aa085684bd67347a4a0f77d7

  • SHA512

    0c8da6566c56f15dbda96e48cafd0eb4f8f39faf6fdd4328bf9a7109ef787a060abe6110ad0543a203a395b5c1078b4292de7e8111b532e7b606eb7ea1998ba0

  • SSDEEP

    3072:K47excGxFLPkH9SnbZDaWxdL5R81+rhDT2KOweda:K+eGYtPk0Z+Wxl5e1+rxJxEa

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      151KB

    • MD5

      dac386e7f20cfc2b696f170a74c08b32

    • SHA1

      9bb5ebaf5acd26aeaed14a0e1b523f82fd218684

    • SHA256

      eab9a0802104a987df42d7b337700c4b4da27d557f03899227646b04e65f992d

    • SHA512

      69e66a9c72dcf66105275ef3873bfa6a7facded688c4414ea9ea203aae5b7d2e3a86f44a4b755e6b972152f8aeebe121c9e8cafc6021132f6434571b67402624

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiSjVtrhDT2KOwedt:AbXE9OiTGfhEClq9SJxEt

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks