General

  • Target

    97b60346134d5a568c08eb0207f09a2781acd2905ff406b8af7833b503ca9340

  • Size

    99KB

  • Sample

    221030-h4s89ahac3

  • MD5

    5e1196bd35931c8b9255e0bc819b9750

  • SHA1

    163c9e2f2a6f5dc3d8d7bb4eff55371b10690cfb

  • SHA256

    97b60346134d5a568c08eb0207f09a2781acd2905ff406b8af7833b503ca9340

  • SHA512

    026fe97f41b3b703998003703f47d0329b8ea0367c6fc506553539fb8c410d7c8909dd611a8c747385a94be448f5d2e2921fb905a4ff359a61cdd02a5d531dce

  • SSDEEP

    3072:947excGxFLPkH9SnbZDaJlncrq6NqMi6nHLz:9+eGYtPk0Z+/ceOqSnX

Score
8/10

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      149KB

    • MD5

      86963b99db7a9d6660798be28b910d61

    • SHA1

      99c2e0024d8bf88f592b445d7f33fa82d19a27e1

    • SHA256

      4d290ca6bfc7bf253d6c7e40aa8e72f664bc461953e07a0e6461e2f460d0f8ec

    • SHA512

      ea5d866e2a0372dd5376a0e45cafe2906b1206c59b86339c9588a1c98b734ec2fcd331e9614b99857fce5f7626614dfac422ed3ba49a57082e52361b2fc33555

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hir1X1sVys8qMi6nHL2:AbXE9OiTGfhEClq9dd1I8qSn6

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks