General

  • Target: f58ba90cac2ddf0e3dca721d76ffa20ddab736af2168feaa8c63668bca5103cf
  • Size: 113KB
  • Sample: 221030-h44d8ahad3
  • MD5: 9373555b67107e0237341d6ce71905f0
  • SHA1: 1b702ad89c8236e6f56ef8be29d900f544cacccd
  • SHA256: f58ba90cac2ddf0e3dca721d76ffa20ddab736af2168feaa8c63668bca5103cf
  • SHA512: f8bc60ebbe43eae68a9d695d0f2fb6a7964586a61b086edf1647b8b3cb04db3d5c08760c1620ece779334014a53b074ed104850d70dc3c7a2b1323b53884938f
  • SSDEEP: 3072:nu3tG90HdQ3SqtU1cDE9h4OQ1AtecD66/OdM949Ww:naD9Q3Tt8cSKA0Ma9L

Score
8/10

Malware Config

Targets

    • Target: PHOTO-GOLAYA.exe
    • Size: 169KB
    • MD5: 726442f17caade10caf29cfd008713ac
    • SHA1: b64392e12da543f2826c77d61089a8cbefa36e3e
    • SHA256: ac26d25ae9cf382024cf16762cc48e133d6efb64a9b98e1afa649cd39a519bef
    • SHA512: e9fd9c40cee48861add5a15d28495f1045a778a29b6876adcea185df96686bf53a0ef55ca8e91b4c0bcc38c1b384e48b19d2656850cb2238bfe83945d1258269
    • SSDEEP: 3072:gBAp5XhKpN4eOyVTGfhEClj8jTk+0h66dU720F0D66/OdM949Wc:XbXE9OiTGfhEClq9n6WxDMa9L

    Score: 8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks