General

  • Target

    33dc7d7e348b6bb7f2e34b8d2c8d28bbf9fa94a66b0f38bf71328dc62be2325e

  • Size

    116KB

  • Sample

    221011-sxjrcabgb9

  • MD5

    439e027cc358801e6fe668ee1650b870

  • SHA1

    bf49fc6a0c31bcbaeb3cf479069e49394ba934e1

  • SHA256

    33dc7d7e348b6bb7f2e34b8d2c8d28bbf9fa94a66b0f38bf71328dc62be2325e

  • SHA512

    f9f228fdf4098249d36e63482fcd4711b3463c3a9c658610a20fbbb14af10082420265217fe2832f25d645371e4b6bcb7a725ec4f3f83d7da316039961baf7fb

  • SSDEEP

    3072:SbFcEq/FuXeTBZZTVUsYfwO8zDlOy19XGaUD3OSNUW4GLpe:SRcn0eTBZZxUJfwlcyH/mOSNUzh

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      174KB

    • MD5

      0d3692bc2dc24d324a86701230e9e7d3

    • SHA1

      2048aaebc94b9bb56a58bebc7af601c65fe970de

    • SHA256

      b75ac8dc3ae9db3756e0029fb5701f65975ac8b65aad8940792d6f594ad5c0f9

    • SHA512

      0c1b75d8fa73bb3822176ba1acfd41fb296faf4dd06dcf834f802d102d244b916b8c14e13d5971e7ca27078f9288ad65bc7e7abcb4f3259e2a694ec9ef41ac61

    • SSDEEP

      3072:ABAp5XhKpN4eOyVTGfhEClj8jTk+0hAeFOq4jMY19XGaUD3OSNUW4GIp8:3bXE9OiTGfhEClq9eYH/mOSNUzm

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks