General

  • Target

    b8aae620709ae1d46dbff17765044cfd27f6cc9f3b7b033185453422aac1c0f8

  • Size

    119KB

  • Sample

    221129-v1ctbaac44

  • MD5

    4811bac4636d9f3d18c9a5400e9bcbc1

  • SHA1

    0c87a8edc8a7add7324f28ff86d035179e2d0716

  • SHA256

    b8aae620709ae1d46dbff17765044cfd27f6cc9f3b7b033185453422aac1c0f8

  • SHA512

    fdf0b04fb6b44dcb2b20040fdf981e6bec54a4c625da7d47593d6c57d90557700f04648eb825fa727244315cf1ae4d987c6784da66e6e098250eba5f79ce0a82

  • SSDEEP

    3072:unHXMpxcGxFyhQ0bOqYDl8WgmFHZ47et+jGkNby6gXe:KHmGY/o0h87mUSt+jRuZu

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      239KB

    • MD5

      471ee52782395766d6e60db78eea6bf1

    • SHA1

      86886592b9281a9b640c06b3cb7742955405d0ee

    • SHA256

      f251a94739170aaf1ad716e6f31645cc3bb2350fc5e0ccc135511d9618f0386c

    • SHA512

      c2759eff3ce5ebebbe779bda325a1b35d1c9a10c06f15c99f1b3ac760ed9376540a20c0bb99f406db46b6e20ae361ac7c41bc5b1edfc981daed89bc2f89327dd

    • SSDEEP

      3072:OBAp5XhKpN4eOyVTGfhEClj8jTk+0hbRBrICPwXAFxTTw1BV56nt1UrknjaT5/e4:lbXE9OiTGfhEClq9aW6EBMbJ4JJUG

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks