General

  • Target

    a160ec9baab066bb45972b9c9c7b4b026d82eb4e962aebccdd4bb9dcf3fe09ef

  • Size

    100KB

  • Sample

    221019-sv716adfg3

  • MD5

    81c67c34c285ed0702e3276450134680

  • SHA1

    e52956db02141bb4e68ea4574d97c5c27a54ab95

  • SHA256

    a160ec9baab066bb45972b9c9c7b4b026d82eb4e962aebccdd4bb9dcf3fe09ef

  • SHA512

    eed740e020b4317ba6ff50c06a3a69c086cd5bb83a009422134fe28a6fac25b32f3c2bbeb19e3e027b507b2bc84812c0945de73a0f7bfd9e65e960ebc130361d

  • SSDEEP

    3072:r47excGxFLPkH9SnbZDa/neYoU2vlQSIg0+DONIL:r+eGYtPk0Z+/iZ0oOk

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-SEXY.exe

    • Size

      151KB

    • MD5

      91208381d3537614471a8ff960c08a09

    • SHA1

      0fbe92b622d0ebdcf61027de74643ef840465a1d

    • SHA256

      88e46e90d7f0a8a8b181c4ab2383cf0c6d75ff4c0fd78a167c928fc167a03c2f

    • SHA512

      934fe4c504679545c76759b02485e0c0f28dc07d6690542b889333a91d709c891c15d5f94c9feaf8627bad23b6dcf894f68de377a87aa63deaf700a4e1e20954

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiKB8eADONIX:AbXE9OiTGfhEClq9sTaOy

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6