General

  • Target

    1871d3ab63012f446be1e1be153b8eb4965d32ff206b0d8e2c484e33362d1743

  • Size

    119KB

  • Sample

    221003-3gd62acbg7

  • MD5

    5e6ac912c966e9b0a3a0c4c78d46dd84

  • SHA1

    3f32f30b0b62ed8c7293caf4f14fcbd483b070f7

  • SHA256

    1871d3ab63012f446be1e1be153b8eb4965d32ff206b0d8e2c484e33362d1743

  • SHA512

    d9e52bcd297f1668e6f53e8f9adaaf760b118d61ca2814e82c522c1bf74fe6aeed7dd52c065a3044c24afb0001bdfe25069f2d959c8b73830827069156218d51

  • SSDEEP

    3072:Frz/BRg1SR31UMrsj1BzoAGuw0bNtMPHS5Z+aQT:FP/BRg1SR31UMq+v0bzMPHGc

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      239KB

    • MD5

      22c9f0d7dfadf25b221bee4d6fe9c39f

    • SHA1

      171e6a865624222ae347d828a2a415a243c05951

    • SHA256

      bc604cfca1473eb7ceb590689348f5a840a6e9425319e9ef120a893390345c58

    • SHA512

      352265ba2ced7b5a6c2ee82f4fbf4788bf20a840684e827c548792e814f191da6be20b820bc8eebd77cfd27880904018cdc8ee5a54893e7eedd27e1cd196eee1

    • SSDEEP

      3072:kBAp5XhKpN4eOyVTGfhEClj8jTk+0hM3GRjDNOoCya+Cgw5CKH2:zbXE9OiTGfhEClq9EjQKJJU2

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks