General

  • Target

    54fd7e70aa1a0e955eee92ded03553d36f738f72c3cc695c3c4a29fc72ef96b5

  • Size

    130KB

  • Sample

    221002-2qs6wafdej

  • MD5

    6c9ec3c358611fa48366cdb1e436dd60

  • SHA1

    9fc2410d4538779e6a4608221f1500dffa081bd2

  • SHA256

    54fd7e70aa1a0e955eee92ded03553d36f738f72c3cc695c3c4a29fc72ef96b5

  • SHA512

    1c6593905f1d8470c2ad40946eba70dee79f8741d7ce8bee3947a4808091e3f350c97fff397449c61e5492f93536daf95f9e89f2b58ae3b4efa2deeb702f8c3c

  • SSDEEP

    3072:kl0img13tG90HdQ3SqtRCHMd6eVPFIOFe/yrC15BYv0m++J7Es2mv0:kljpD9Q3TtEO5Ve/cgEsmqQ0

Score
8/10

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      239KB

    • MD5

      2d4c59d19c473fd78fd3eaa85392e537

    • SHA1

      c4975d6f81b34561f1bb6fedb8b3cf69f490e0ef

    • SHA256

      801a9133fde2922bbc3cbb5588858cb1712bc8a9a1ed7fab11837ffafa40392f

    • SHA512

      638049ad454a981cb5c6294b17d73280107eecc35fe6e29efa59007f1b5f2162fb5cdaaff9398c1be859f7e4d1cc9eb45da42c39c0c1db8a531242a48e3f3501

    • SSDEEP

      3072:mBAp5XhKpN4eOyVTGfhEClj8jTk+0hB+iwDomG0EE+Cgw5CKH6:dbXE9OiTGfhEClq9Q+pD7G0uJJU6

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks