General

  • Target

    b00c32b840359713093cf18f11cb5b301b2d7f56303028173dc72d77171598d5

  • Size

    117KB

  • Sample

    221129-v1626adb5z

  • MD5

    4cc952fd08fd7b33984e50d1d1378502

  • SHA1

    6b5201b1b2a3d3c37640692330df5a01000002aa

  • SHA256

    b00c32b840359713093cf18f11cb5b301b2d7f56303028173dc72d77171598d5

  • SHA512

    47410cf20220c23de3d1c7223b926ac0472d6214f62b81708c43ce6ae65ac5b485ec5503d82b20e3fe13b1150c7fe4e7c77e68fb7bd4b16fa8b990d9d548b961

  • SSDEEP

    3072:Cl0img13tG90HdQ3Sqt4REVLEBpWxqN83w3NL9Gigo2ZAiR:CljpD9Q3TtOnW3Mh9fgo2ZAK

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      239KB

    • MD5

      8643c179e4d147893e101bb514e51846

    • SHA1

      f259afad2fc75b2301a74c523bb670fa25a0b3b4

    • SHA256

      f4aa7026d2e4c4d2287a21dc9513008c1b9ecc45d76c95bce96200293414bd52

    • SHA512

      df5aa1c7afb078b7c9896001e309fe20d43a341a9e866c1cf386d34746beb2d61434932f78038966d81a5bfb803239f9f810d01bf6e11074ed18a8801b3a5b27

    • SSDEEP

      3072:RBAp5XhKpN4eOyVTGfhEClj8jTk+0hBTOP+dXe+tW+Cgw5CKHm:UbXE9OiTGfhEClq9kTw+dXTJJUm

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks