General

  • Target

    28ff1a68194b665a69f9da6b5e7c6c1bfdef509a41da24f58bbec6bca20064df

  • Size

    100KB

  • Sample

    221003-2wrj8sbbbl

  • MD5

    647ddb271f691ce54f7ee93007ab7eb0

  • SHA1

    82c27c03ddb22d5d71f90e738ef56849e593f7e8

  • SHA256

    28ff1a68194b665a69f9da6b5e7c6c1bfdef509a41da24f58bbec6bca20064df

  • SHA512

    d06fb7818510ef926475099cacb4088f61522073ef766b8b564402f62d6d3639954c44cd18fe50ff7a339eca745d63ec8f13e68e2049a48fe41237ac0e1d64db

  • SSDEEP

    3072:647excGxFLPkH9SnbZDaPvYSUreKkeJuH9nj:6+eGYtPk0Z+ISUrR7oj

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      151KB

    • MD5

      355645a5b17f05e83ec34aa3c92cf1c7

    • SHA1

      86be5fc81cbf6608cf7c0562aab214b502bea423

    • SHA256

      9b8bbfcbfe7fbe04408a11bb671dad69906cd95a2a89a94c3d2acaa62823a15c

    • SHA512

      c184a409860a7acf1d35053ac14bab142adb465312196c7f47e40f3c86c3db167ee6d899b2b1626fd7af38abedf5361531e9c4f11e59a4dd0ceb137cfe0e623b

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiwgaHTeflTeJuH9nT:AbXE9OiTGfhEClq9agaza0oT

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks