Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b697f98ccd7aa0e93686e5c00b09d94b5b15f851f652f7aa57bd93333ba3f03

  • Size

    124KB

  • Sample

    221001-zlh41agbgr

  • MD5

    454900166e5b1bc2da582b9d1cbc6980

  • SHA1

    5d6f130771e2b0e9bfbd41a2206ce1c8dd61bcd3

  • SHA256

    1b697f98ccd7aa0e93686e5c00b09d94b5b15f851f652f7aa57bd93333ba3f03

  • SHA512

    90ed6330cb662e3087522667e3c1e72bd66786e47d969945126e6cb013e04806d826deb5891a25270e275d295d1e7c0b71e927e1088343a3264c275da013c820

  • SSDEEP

    3072:GnHXMpxcGxFyhQ0bOqYJrC06GdkEfj+BcB9AHDMVTCjtD:iHmGY/o0JrV6GJ+q98DMxsD

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      239KB

    • MD5

      6839c4c1e533bdef312fa9501b7cd622

    • SHA1

      0a4a288e686a64c0d926e5d5c7ddd46ec7eeeaa1

    • SHA256

      5b40e9c2a5bbd190d09eade750b1ce1a48887f6822a3e8a4cf3f927c38088982

    • SHA512

      d0cafe97a7ab0444424d88d6fddbe2bb0bc9d33abaaeec21101388982d40728d5114d30d1d9b3f7b5d0ea77cbfc6f8067256d4cd7613d14de74ccd196a1dd954

    • SSDEEP

      3072:MBAp5XhKpN4eOyVTGfhEClj8jTk+0hYoO/MgjqEWBz+Cgw5CKHy:7bXE9OiTGfhEClq95/MgXJJUy

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks