General

  • Target

    562b2c5b62141a7e1646db26724794cc36f7e8ea485475b3facba92c35f3165e

  • Size

    106KB

  • Sample

    221030-h43gxsabam

  • MD5

    574d5ba126f5e8d6ce76410158441ee0

  • SHA1

    f295427c8a0fe7bc0ba379af24920206949d3d86

  • SHA256

    562b2c5b62141a7e1646db26724794cc36f7e8ea485475b3facba92c35f3165e

  • SHA512

    db83b45dc3885d9f863dc5b0d0e155511f5519586934a5cebb22d4aa732260c799ea7f367058910d1c50c7beca4e45c64bc566efa6c0d0d61bc478cd4592c683

  • SSDEEP

    3072:aDyMo4G90HdQ3SqtaVrvf/ZSjY90x8yd64:avo4D9Q3TtaVrn/ZSS28ydx

Score
8/10

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      186KB

    • MD5

      80c64043c1255c20f0207bf9a925a088

    • SHA1

      5975af4acc9fc810bc884694f768020ef8e2d9d3

    • SHA256

      fda8ec2e54d0071d4d79ea14d2207a47bef32866347da1191f6fcc3e1a37f285

    • SHA512

      13f29cae9211cb345d11d194eaf9041ee5003e89d0fc5f5aba73175c9317d380bfa7374aa2e54c1692e6e6f41020a8572d60466bae6c023d256bae5b8660ad7b

    • SSDEEP

      3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0h3NxGqJy0x8yd6O:WbXE9OiTGfhEClq9V28ydV

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry (the GeoID under Control Panel\International\Geo), likely a geofence check that changes behaviour depending on the victim's locale.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system (commonly used to spot analysis tools or security products).
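
    The four behaviour signatures above can be reproduced on your own telemetry by matching registry, file and network events against the locations they describe. The block below is an added illustration, not Triage's signature engine or the sample's code; the Event layout, the sample events and the process blocklist are constructed for this example (the registry keys and the drivers directory are the standard Windows locations the signature text refers to).

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class Event:
    """One sandbox/EDR behaviour record (constructed layout for this example)."""
    kind: str      # "reg_query", "file_write" or "net_connect"
    process: str   # image name of the acting process
    target: str    # registry key, file path, or host:port


# Assumed: a small set of processes that should not normally make network
# requests. The report does not publish the sandbox's own blocklist.
NETWORK_BLOCKLIST = {"regsvr32.exe", "rundll32.exe", "mshta.exe"}

# HKCU\Control Panel\International\Geo\Nation holds the configured GeoID
# (country code) that a geofence check reads.
GEO_KEY = "\\control panel\\international\\geo"
# HKLM\SOFTWARE\...\Uninstall (and its WOW6432Node twin) list installed software.
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"
# Kernel driver directory; writes here are rare for ordinary user-mode software.
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def classify(event: Event) -> Optional[str]:
    """Return the signature name an event triggers, or None if it is benign."""
    kind = event.kind
    proc = event.process.lower()
    tgt = event.target.lower()          # registry and NTFS paths are case-insensitive
    if kind == "reg_query" and GEO_KEY in tgt:
        return "Checks computer location settings"
    if kind == "reg_query" and UNINSTALL_KEY in tgt:
        return "Checks installed software on the system"
    if kind == "file_write" and DRIVERS_DIR in tgt:
        return "Drops file in Drivers directory"
    if kind == "net_connect" and proc in NETWORK_BLOCKLIST:
        return "Blocklisted process makes network request"
    return None


def matched_signatures(events: Iterable[Event]) -> Dict[str, List[Event]]:
    """Group triggering events by signature name, dropping benign ones."""
    hits: Dict[str, List[Event]] = {}
    for ev in events:
        sig = classify(ev)
        if sig is not None:
            hits.setdefault(sig, []).append(ev)
    return hits


# Constructed sample trace; the process name is the target file from this report,
# the hosts/paths are illustrative only.
SAMPLE_EVENTS = [
    Event("reg_query", "RUSSKAYA-GOLAYA.exe",
          "HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation"),
    Event("reg_query", "RUSSKAYA-GOLAYA.exe",
          "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"),
    Event("reg_query", "RUSSKAYA-GOLAYA.exe",
          "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    Event("file_write", "RUSSKAYA-GOLAYA.exe",
          "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    Event("net_connect", "rundll32.exe", "203.0.113.10:443"),
    # Benign: a normal autorun lookup by the shell, must not match anything.
    Event("reg_query", "explorer.exe",
          "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
]


if __name__ == "__main__":
    for sig, evs in matched_signatures(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

    The matching is deliberately substring-based and case-insensitive so that both the native and the WOW6432Node Uninstall hives, and any sub-key under them, are caught; in practice you would feed it Sysmon EventID 12/13 (registry), 11 (file create) and 3 (network) records instead of the constructed list.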

MITRE ATT&CK Enterprise v6

Tasks