General
Target
db3407c42600c656420f0d1bc63fe7887030b2e407da6983374e1a6bf9ce1c94
Size
100KB
Sample
221003-2wgp2abbak
MD5
536092cfa9e366c52e47c7911c9ebab0
SHA1
a3c8767f1d88a2b119536edd71b9ea313adf3a38
SHA256
db3407c42600c656420f0d1bc63fe7887030b2e407da6983374e1a6bf9ce1c94
SHA512
512c227f5586793ded704b18e0127b6930d9e1c1b3faecf00366c0788068faaec46938600b7f5cc92650af4297736c8bfa79d005fbea095da778b24f7592cb09
SSDEEP
3072:/47excGxFLPkH9SnbZDadkSH0ZT3V6Y9vVMcab/haOY8SYasTf:/+eGYtPk0Z+eSH0ZTZT4AtYrT
Static task
static1
Behavioral task
behavioral1
Sample
GOLAYA-DEVOCHKA.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
GOLAYA-DEVOCHKA.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
GOLAYA-DEVOCHKA.exe
Size
151KB
MD5
393261517b0efcf54d316cc541c9f590
SHA1
a3db81c8fe7ad5803e9f6f1f6457cfac823984f4
SHA256
db81ced9847834936d34d84c7183b75ec8da668e79750b3fbf7308de2ec3fa73
SHA512
0f2c104a420d3d10486d72af1cc83a1e5ccc02842788e7e3b71713538eed46390e506932dba86ea6602f4f0a4d319864e8c19a83e69a2eff7e4337f954edad46
SSDEEP
3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiV57zMcab/haOY8SYasTp:AbXE9OiTGfhEClq9Fn4AtYrN
Score
8/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.