General

  • Target: a983cb398c863d7b689ed5c7d38947e028bdbe8bdf52fcbdabd00b3a31353602
  • Size: 117KB
  • Sample: 221019-tr58tsfdg8
  • MD5: 8231897ae94d2f1ef1bfadcdf1e8d3c0
  • SHA1: 60b1dba616d459c31d1d65b6911655849f6e3c4f
  • SHA256: a983cb398c863d7b689ed5c7d38947e028bdbe8bdf52fcbdabd00b3a31353602
  • SHA512: a4018fd1219951c67d42fd8726ca62d3050c8f5e8a8e9a14884b05063cb9f31c7af5278e2100864feae904a2a7a83caba79027b508832a7d98f60fde385ca652
  • SSDEEP: 3072:Orz/BRgteOrhaRFuFzTusrMTVfG3PMydNP7M7dN:OP/BRg8OtxFzT1rM5+3P1DjM7dN

Score: 8/10

Malware Config

Targets

    • Target: GOLAYA-SEXY.exe
    • Size: 239KB
    • MD5: 83f4cefac5e99822b6a9620c7ad238e2
    • SHA1: 9d2f5837d278f2e4ca85501f8445befb17f35d3a
    • SHA256: 0fe2cbd52327d7e1d96bddc5745bfb9f2b550ecf449d5aba56509cea19673ab5
    • SHA512: 380f042c9fe07b031901af38a6d0fec2e0f59853db5511813726e82d11fcc2bc5878451232e49ba533f6c9e54b11ed8c32919cc94a211287caea2ac41f21bde2
    • SSDEEP: 3072:vBAp5XhKpN4eOyVTGfhEClj8jTk+0hmmaF8Zq+Cgw5CKHe:ybXE9OiTGfhEClq9tKbJJUe

    Score: 8/10

    • Blocklisted process makes network request
    • Drops file in Drivers directory
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks