General

  • Target

    256449395821e1ea629ad9b59939a4f3e0f7f0d115dad467f502d40ce85fa4f3

  • Size

    116KB

  • Sample

    221002-2lta3sdgc4

  • MD5

    708aef98a64636d248e5062d940c9b40

  • SHA1

    fc979f027cbc4d14aafd1ba431323e7c3b5bef17

  • SHA256

    256449395821e1ea629ad9b59939a4f3e0f7f0d115dad467f502d40ce85fa4f3

  • SHA512

    2a39dfa934cce8a0633a73074e79be1919ec46fdc572124005a0f99f70960bf8ccafa97e8805092d1e1b19e2b4069ccfd262e28f04fc1df12cdb88923f95d9e7

  • SSDEEP

    3072:ebFcEq/FuXeTBZPia+aCIytaOZ2fIQu4c0CWtD/X/rDJEm:eRcn0eTBZPinRdaOiIQ9cWtD3T

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      175KB

    • MD5

      b53daa1f2dd2e75f53fc831c09ed5a60

    • SHA1

      2e94439745154adbc8cd439151d4772106cfe9da

    • SHA256

      574c9484a27f445ccf29bc429a360ca5bc33ee4842fee4e0e9c95fe43010aa82

    • SHA512

      4f030f043b91314f4d7fb536a5c222dd65f44664116270c268386130ac0497e95983edb716abcd65936c8c4d149a02ae50fe9e656aeeecf7779d261adae418f2

    • SSDEEP

      3072:ABAp5XhKpN4eOyVTGfhEClj8jTk+0hAeFsZ0CWtD/X/rDJdq:3bXE9OiTGfhEClq9p3WtD3K

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks