General

  • Target

    48c96c1d7045d141e562ca2d88900c1dc8574fd12517d3ac0895808b4138e029

  • Size

    121KB

  • Sample

    221030-h5sdcahaf5

  • MD5

    a30c53dd8b0f5cbac62e90e5640c75cf

  • SHA1

    28906d04154a5d9b11f503f834a75371020c3fd3

  • SHA256

    48c96c1d7045d141e562ca2d88900c1dc8574fd12517d3ac0895808b4138e029

  • SHA512

    b3f7a0b1d2f9e5a5e83b7d15e49671ef4b8217f529769524cd4fddc97957b3233d4adf16dfab312f30ad47ccd6b5cc982b7aa5cf9ad1272cd5a2427d1b155b76

  • SSDEEP

    1536:vQWQFGFI/PvgCRN59/iZCaoWVVGGqZwY88yX7L/08cRrk97rtykIRR:Yrz/BRgZCJKVGGWwY6/0Any1L

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-RUSSKAYA.exe

    • Size

      239KB

    • MD5

      047135131fad15e47d3353eb5bea206e

    • SHA1

      7528ce7af5a279c7dc36f96dd6bec86e502d7de9

    • SHA256

      9ac9ac17b115341ce5821b76ab47d65292a527331e084cc0488257907bb12939

    • SHA512

      b7acc9ef4b917fc90214dfb2a4a1350d254eef19f4b1b493da17fcff74a1b8fb8cd5a5202738a989d4d1e6ddafc6a6b8c32e50bd6241c7a6b6f9bf1bb5fcf348

    • SSDEEP

      3072:DBAp5XhKpN4eOyVTGfhEClj8jTk+0hZij/ywDn+Cgw5CKH6:ubXE9OiTGfhEClq9sij/ywD+JJU6

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks