General

  • Target

    24d872abc09076b63538a4d3c527b7c182d62b20796e44c8c4e51fadd2a7bb16

  • Size

    116KB

  • Sample

    221107-eqayzagad7

  • MD5

    040c68023d2a610be841f67f0d630670

  • SHA1

    1bb09f0984909ae7fa952d3bc6ee9798ad860b2d

  • SHA256

    24d872abc09076b63538a4d3c527b7c182d62b20796e44c8c4e51fadd2a7bb16

  • SHA512

    5c220b6462a461b4b9b924759a28c2c789a0fcdb431d09000c1ee2d8d9706a23059a22e334ba7ea58a727a91eebe880e2fdf935034117434e13da031f368d238

  • SSDEEP

    3072:+bFcEq/FuXeTBZPia+aCIytaOZ2fIQuV3eTcP/TGx2UN2:+Rcn0eTBZPinRdaOiIQqCc/Tsy

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      175KB

    • MD5

      0855848b51a95094ec1d6e3435afcdcd

    • SHA1

      c45137d62376862cea69c82257a54206be800fe4

    • SHA256

      028ff5e38ed5512c3a00e337df2326c8e3ec6515e8fee5886c0fb5152e98e99a

    • SHA512

      68403b0ae29a7c04dc30f8a8338b4dced5d76e3c2c56b3093d7888c9c87e788d9a2b3fc72b9724504d26eb4ef8eb79629c2bfae9043d67d559ae4f53e23050fa

    • SSDEEP

      3072:ABAp5XhKpN4eOyVTGfhEClj8jTk+0hAeFCZeTcP/TGx2Usg:3bXE9OiTGfhEClq9z0c/TsJ

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run, or behaving differently, in certain countries).

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to build a list of the software installed on the system.
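
The four behaviour signatures above are easier to act on as concrete matching rules. The following is an added example, not the sandbox's own signature engine and not code from the report: it classifies a constructed trace of registry, file and network events into the labels listed on this page. The registry paths, the drivers directory path and the process blocklist are assumptions about what these signatures key on; the report itself does not name them.

```python
"""Classify sandbox events into the behaviour labels used on this page.

Added example. The event format, the registry paths and the process
blocklist are assumptions; the report does not state which keys or
processes triggered its signatures.
"""
import re
from dataclasses import dataclass

# Assumed locations behind the four behaviours named in the report.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\Nation)?$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.I)
# Illustrative blocklist of living-off-the-land binaries (assumption).
BLOCKLISTED_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}


@dataclass(frozen=True)
class Event:
    kind: str      # "RegOpenKey", "RegQueryValue", "FileCreate" or "Connect"
    process: str   # image name of the acting process
    target: str    # registry path, file path or remote endpoint


# Constructed sample trace; not captured from the report's sample.
SAMPLE_TRACE = [
    Event("RegQueryValue", "GOLAYA-BABE.exe",
          r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegOpenKey", "GOLAYA-BABE.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    Event("FileCreate", "GOLAYA-BABE.exe",
          r"C:\Windows\System32\drivers\etc\hosts"),
    Event("Connect", "rundll32.exe", "203.0.113.10:443"),
    # Benign noise that must not match anything.
    Event("RegQueryValue", "explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"),
    Event("Connect", "GOLAYA-BABE.exe", "203.0.113.10:443"),
]


def labels_for(ev):
    """Return the behaviour labels a single event triggers."""
    labels = []
    if ev.kind.startswith("Reg") and GEO_KEY_RE.search(ev.target):
        labels.append("Checks computer location settings")
    if ev.kind.startswith("Reg") and UNINSTALL_KEY_RE.search(ev.target):
        labels.append("Checks installed software on the system")
    if ev.kind == "FileCreate" and DRIVERS_DIR_RE.search(ev.target):
        labels.append("Drops file in Drivers directory")
    if ev.kind == "Connect" and ev.process.lower() in BLOCKLISTED_PROCESSES:
        labels.append("Blocklisted process makes network request")
    return labels


def classify(events):
    """Map each triggered label to the events that triggered it."""
    hits = {}
    for ev in events:
        for label in labels_for(ev):
            hits.setdefault(label, []).append(ev)
    return hits


if __name__ == "__main__":
    for label, evs in sorted(classify(SAMPLE_TRACE).items()):
        print(label)
        for ev in evs:
            print(f"    {ev.process}: {ev.kind} {ev.target}")
```

Two caveats when reading these labels. A read of the Geo\Nation value is also made by legitimate locale-aware installers, so the location check is only "likely geofence" until the sample's control flow after the read is examined. The Drivers directory also contains drivers\etc\hosts, so that signature does not by itself mean a kernel driver was written; check the full path before escalating.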

MITRE ATT&CK Enterprise v6

Tasks