General

  • Target

    7ee991c3d632f17f9d505159b61ce56d9668f6a7441f060533fc6bd333e04863

  • Size

    100KB

  • Sample

    221011-rxzbcsaab3

  • MD5

    15a29f3028f1b669660b04c156801990

  • SHA1

    14656f4580762e8c3168b7103781cbe62b93e750

  • SHA256

    7ee991c3d632f17f9d505159b61ce56d9668f6a7441f060533fc6bd333e04863

  • SHA512

    f7e719d29f0f307cf0edc7f41fcbfd0592524dddd7a8b144bbca7156a4218c1e66159d9498f814e1770557d85a9934151f6863b60882ebb220ae9855977bf663

  • SSDEEP

    3072:D47excGxFLPkH9SnbZDaByNIoCXYBKl8MIhF4:D+eGYtPk0Z+s4oBbMIj4

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      151KB

    • MD5

      b3f845ca159212f50fe671f8be7f31d5

    • SHA1

      ae50522dce1d874cf8e34eb1304fdf915901b0c6

    • SHA256

      8ac55857555aac7b3ef630e53efc5defb4d4b912cfc79ce3f186c123d61edce3

    • SHA512

      57358f7ed4b4c1f2b7c307186be30382e531ef80f562b09b3532c6819b433a0efb86448b69687231488cbbac53d791f2a77493afc1f0412eeb900acb0026dd19

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hit4S1G8MIhFf:AbXE9OiTGfhEClq9nRJMIjf

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks