Overview

overview

8

Static

static

GOLAYA-PHOTO.exe

windows7-x64

8

GOLAYA-PHOTO.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a32cf7d38cecaf1f09e5c3cf228c231919b843c49f5296d4662b495992e625ae

  • Size

    100KB

  • Sample

    221011-sxrryscaen

  • MD5

    63c748fef014bffaaaea78ae69c47c30

  • SHA1

    425ca6018ce6046555640ac610d9a073df9e0207

  • SHA256

    a32cf7d38cecaf1f09e5c3cf228c231919b843c49f5296d4662b495992e625ae

  • SHA512

    c268846ded3eba3af31f36dc39c28cf41473d20fc796676bebb7b3016d42685fdbbb40ce094bbf9821078ac4017c8d43ab27c093ce340a55382a81580baa24b2

  • SSDEEP

    3072:x47excGxFLPkH9SnbZDaWUgvCqiwLlD+ur4FG1dgcjT:x+eGYtPk0Z+Wda7wAurkGXj

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      150KB

    • MD5

      4cc42c8dc48f61f0c412ca91e4f57fd5

    • SHA1

      d132a8d93af350d331348103ebce31564e57ad2e

    • SHA256

      0d0e2cafa773aab31a1e8b965222b3dcbb831c447da8ffdf959c7c0f50443f01

    • SHA512

      a9e2342c4b56807540f4103c44d281883048ae004f32592c9aa65bc0495847f07f15d11e73be6733a56d68a5b24b876cb45396b9779945abe98eba79f57b209e

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiewyyhqar4FG1dgcjS:AbXE9OiTGfhEClq9pxrkGXi

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks