General

  • Target

    1ac297877e6c05725bc74116d34dae5711a8f0edba29b3fc44c14f570c749742

  • Size

    116KB

  • Sample

    221020-trh4ascher

  • MD5

    5da986fdf85b8e0f4f7cd16de1d5e890

  • SHA1

    c4ef70a6583e5f48580fb1ecd9a9add9a2008963

  • SHA256

    1ac297877e6c05725bc74116d34dae5711a8f0edba29b3fc44c14f570c749742

  • SHA512

    8e662880402436f4e2302da859f0e4317b4898742b367061adc9fbddbd850bc829e46fe0b9d80338c1f037e063db93bd3bc45f737a946607ae16a463a632af45

  • SSDEEP

    3072:2bFcEq/FuXeTBZZTVUsYfwO8zDDvLp1ZfRfVv0gr:2Rcn0eTBZZxUJfwlDvtN9sM

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      174KB

    • MD5

      940ea74edf627c19f88627fc5da79fb9

    • SHA1

      cf4c85022398b7833fcd96b639043dabfca6bc0b

    • SHA256

      0d5428b43606d785e233906a461c345a3c233ec35e4aba381f91df5c935a99bb

    • SHA512

      7e6e7e0d379e316cd7efa0e931d3e0b409994cd49b52c43b3d211c9cb2a5db3610824db76e8f4d3ee9fbf65710e60e1e7ba20a32e46d525cdef205b078501960

    • SSDEEP

      3072:ABAp5XhKpN4eOyVTGfhEClj8jTk+0hAeFFq4jMY1ZfRfVv0Rw:3bXE9OiTGfhEClq95YN9se

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
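The two registry-based signatures above describe what the sample does, but the report does not show the sandbox's rule logic or the registry paths it matches on. The following Python is an added example, not the sandbox's own code: it triages constructed registry-access events for both behaviours, assuming the country code is read from `HKCU\Control Panel\International\Geo\Nation` and the software inventory comes from the `CurrentVersion\Uninstall` subkeys. The `pid|image|op|path` log format, the process IDs, the sample lines and the three-subkey threshold that separates an inventory from a single installer lookup are all assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Registry paths assumed for these behaviours; the report does not name them.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\([^\\]+))?(?:\\|$)", re.I)

# Assumed threshold: fewer distinct Uninstall subkeys is treated as a point lookup
# (e.g. an installer checking for an existing copy of itself), not an inventory.
ENUM_THRESHOLD = 3


class RegEvent(NamedTuple):
    pid: int
    image: str
    op: str      # RegOpenKey / RegQueryValue / RegEnumKey ...
    path: str    # full registry path, hive prefix included


def parse_line(line: str) -> Optional[RegEvent]:
    """Parse one 'pid|image|op|path' line (constructed format, not a real sandbox log)."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return RegEvent(int(parts[0]), parts[1], parts[2], parts[3])


def triage(lines: List[str]) -> Dict[int, List[str]]:
    """Return {pid: [signature names]} for processes showing either behaviour."""
    geo_hits = set()
    uninstall_subkeys = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Location check: any read of the Geo\Nation value counts.
        if ev.op in ("RegQueryValue", "RegOpenKey") and GEO_NATION_RE.search(ev.path):
            geo_hits.add(ev.pid)
        # Software enumeration: count distinct per-application subkeys under Uninstall.
        m = UNINSTALL_RE.search(ev.path)
        if m and m.group(1):
            uninstall_subkeys[ev.pid].add(m.group(1).lower())
    findings = defaultdict(list)
    for pid in geo_hits:
        findings[pid].append("Checks computer location settings")
    for pid, keys in uninstall_subkeys.items():
        if len(keys) >= ENUM_THRESHOLD:
            findings[pid].append("Checks installed software on the system")
    return dict(findings)


# Constructed events: one process behaving like the report's target, one benign installer.
SAMPLE_LOG = [
    "1234|GOLAYA-PHOTO.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation",
    "1234|GOLAYA-PHOTO.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234|GOLAYA-PHOTO.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1234|GOLAYA-PHOTO.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "1234|GOLAYA-PHOTO.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox",
    "5678|setup.exe|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MyApp\\DisplayVersion",
    "5678|setup.exe|RegQueryValue|HKCU\\Control Panel\\International\\LocaleName",
    "not a log line",
]

if __name__ == "__main__":
    for pid, names in triage(SAMPLE_LOG).items():
        print(pid, names)
```

The threshold is the part worth tuning against your own telemetry: a single `Uninstall\<app>` read is routine for installers and updaters, whereas walking many subkeys is the inventory behaviour the signature describes.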

MITRE ATT&CK Enterprise v6

Tasks