Overview

overview

8

Static

static

RUSSKAYA-GOLAYA.exe

windows7-x64

8

RUSSKAYA-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fc2298cdf63f60af0caff24340b417aced238fea9b362a6c166fc1f2a8a2429

  • Size

    99KB

  • Sample

    221121-vm34cadh7x

  • MD5

    3099cd7780df19c7e170d72c93e05510

  • SHA1

    cc2c0d808ba6f39876fedade3e1276dab9fdacbf

  • SHA256

    2fc2298cdf63f60af0caff24340b417aced238fea9b362a6c166fc1f2a8a2429

  • SHA512

    80cd3f80857e2da1fe421de65ec1d0d32524032458d1fe2dd161ef113633b74f2af637eecf6dbe0282ff4f1bf93e0f3cb86dd6a7dcfeb8066b6b1f533ee0db3b

  • SSDEEP

    3072:L47excGxFLPkH9SnbZDaJlncrq6NqMi6nHLl:L+eGYtPk0Z+/ceOqSn5

Score
8/10
discovery

Malware Config

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      149KB

    • MD5

      86963b99db7a9d6660798be28b910d61

    • SHA1

      99c2e0024d8bf88f592b445d7f33fa82d19a27e1

    • SHA256

      4d290ca6bfc7bf253d6c7e40aa8e72f664bc461953e07a0e6461e2f460d0f8ec

    • SHA512

      ea5d866e2a0372dd5376a0e45cafe2906b1206c59b86339c9588a1c98b734ec2fcd331e9614b99857fce5f7626614dfac422ed3ba49a57082e52361b2fc33555

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hir1X1sVys8qMi6nHL2:AbXE9OiTGfhEClq9dd1I8qSn6

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks