General

  • Target: 00b78a78f10c9c823f3e0824a9ff6c46884e5319acc5520396d90722abf060dd
  • Size: 100KB
  • Sample: 221003-2wva5abbbn
  • MD5: 6b4987d175c227ebb037712cfa031830
  • SHA1: c4fd600c9bd489511cb56d5a912550123df9d325
  • SHA256: 00b78a78f10c9c823f3e0824a9ff6c46884e5319acc5520396d90722abf060dd
  • SHA512: e14a2d41acd2ecafe1adb6f7748711696fe0af9ce167227e66d90364dd6cdbbc49a213aeb731eba1917e33c5909e1b4446fed74d94713bac08f07b9abb925dd3
  • SSDEEP: 3072:147excGxFLPkH9SnbZDa9blab+L269HVqsNfj:1+eGYtPk0Z+G+L269HVfN7

Score: 8/10

Malware Config

Targets

    • Target: PHOTO-GOLAYA.exe
    • Size: 151KB
    • MD5: e6a1b492a91cc502be68de14943e6e53
    • SHA1: 520032514b1a9b64983d274ce2b610a1b53621f4
    • SHA256: 2af38df4700680254a715b121df7cfcc77fcd67a041a5f615d0d95bbde11b861
    • SHA512: cdbba4ad234f464842b9f367f469abc5e73e5bf2d2046e00effdea217c80782dd76c79c4c91946447ff446d04346a162e7a3c239163c034d96720f570edd1b29
    • SSDEEP: 3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hixoRmUdzZl5HvkxsNfG:AbXE9OiTGfhEClq90rN+

    Score: 8/10

    Signatures

    • Blocklisted process makes network request
    • Drops file in Drivers directory
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks