General

  • Target

    57bd27c779c352672c55c1cf5d33991130db0920bf1f9d30383aa7970ae992f6

  • Size

    116KB

  • Sample

    221129-v2mpxadb9x

  • MD5

    517bde44308d1b95ee8d9e1834bde345

  • SHA1

    45b54ec1b9f032627604e45d92a506fc8fc3549b

  • SHA256

    57bd27c779c352672c55c1cf5d33991130db0920bf1f9d30383aa7970ae992f6

  • SHA512

    d20c1950fc58e422b60fc147d3c56d0e30d0b3cc8e7b8d4e143126cbbd0d023752de032d79af4165dcb49b3b4d2309118d4b33b917cd9df6b7d60dd21b742388

  • SSDEEP

    3072:OsrbFcp/BRgCKk6rzli+NK0+5T7ZYNSh5ILKRpE:VrRcp/BRgCErzlRotTEopE

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-DEVOCHKA.exe

    • Size

      210KB

    • MD5

      e3ed299ce4982a14a6636310994345e3

    • SHA1

      3734d5ef93aa6a4f5c3f4052e4bd4e20a3218e6e

    • SHA256

      93797469edd71571dac60f7b6e6575904803e00f3ad8504bd341570f64f0bd3e

    • SHA512

      9d3c33a0d826406c359d5bda8ce79348d31540ba3cbed904806cb2aabba5275169f417e5c6e338b102e557c4e004fcecee1504e3b08bbc70eab5d579e42233e8

    • SSDEEP

      3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0h8xwNhQs+Cgw5CKHG:TbXE9OiTGfhEClq9hwCJJUG

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

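As an added illustration, not part of this sandbox report or its signature set, the Python below shows how the two registry behaviours described above ("Checks computer location settings" and "Checks installed software on the system") can be detected from registry-access events. The event shape (pid, process, operation, path), the sample events and the enumeration threshold are constructed assumptions; the `Control Panel\International\Geo\Nation` value and the `CurrentVersion\Uninstall` keys (including the `WOW6432Node` view) are the real Windows locations the two descriptions refer to. Like a sandbox signature, the check is scoped to the submitted sample's process name rather than to every process on the box, since installers and shell components read the same keys legitimately.

```python
"""Detect geofence-style country lookups and installed-software enumeration
from registry-access events. Added example; not the report's own code."""
import re
from collections import defaultdict

# Constructed events in a Procmon/sandbox-like shape: (pid, process, operation, path).
SAMPLE = "GOLAYA-DEVOCHKA.exe"
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UNINSTALL_WOW = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    (1337, SAMPLE, "RegOpenKey", r"HKCU\Control Panel\International\Geo"),
    (1337, SAMPLE, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    (1337, SAMPLE, "RegOpenKey", UNINSTALL),
    (1337, SAMPLE, "RegEnumKey", UNINSTALL + r"\7-Zip"),
    (1337, SAMPLE, "RegQueryValue", UNINSTALL + r"\7-Zip\DisplayName"),
    (1337, SAMPLE, "RegEnumKey", UNINSTALL + r"\Google Chrome"),
    (1337, SAMPLE, "RegEnumKey", UNINSTALL_WOW + r"\{11111111-2222-3333-4444-555555555555}"),
    (1337, SAMPLE, "RegEnumKey", UNINSTALL_WOW + r"\VLC media player"),
    # Constructed benign noise: an installer touching a single Uninstall entry.
    (2001, "msiexec.exe", "RegOpenKey", UNINSTALL + r"\{66666666-7777-8888-9999-000000000000}"),
    (2001, "msiexec.exe", "RegSetValue", UNINSTALL + r"\{66666666-7777-8888-9999-000000000000}\DisplayName"),
]

# GeoID of the configured location; hive prefix is ignored so HKCU / HKEY_CURRENT_USER both match.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# One entry under the Uninstall key (native or WOW6432Node view); group(1) is the entry name.
UNINSTALL_ENTRY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE
)


def detect(events, target, enum_threshold=3):
    """Return {signature_name: evidence} for events belonging to the target process.

    enum_threshold (assumed value) is the number of distinct Uninstall entries a
    process must touch before the access counts as software enumeration rather
    than an installer looking at its own entry.
    """
    findings = {}
    geo_reads = []
    enumerated = defaultdict(set)
    for pid, proc, op, path in events:
        if proc.lower() != target.lower():
            continue
        # Geofence check: a value read of Geo\Nation (RegQueryValue / RegQueryValueEx).
        if op.startswith("RegQueryValue") and GEO_NATION_RE.search(path):
            geo_reads.append((pid, path))
        # Software enumeration: distinct entries opened/enumerated/read under Uninstall.
        m = UNINSTALL_ENTRY_RE.search(path)
        if m and op in ("RegOpenKey", "RegEnumKey", "RegQueryValue", "RegQueryValueEx"):
            enumerated[pid].add(m.group(1))
    if geo_reads:
        findings["checks_computer_location_settings"] = geo_reads
    for pid, entries in sorted(enumerated.items()):
        if len(entries) >= enum_threshold:
            findings.setdefault("checks_installed_software", {})[pid] = sorted(entries)
    return findings


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS, SAMPLE).items():
        print(name, evidence)
```

Run against a real Procmon CSV or sandbox event export, the only change needed is a loader that yields the same four-tuple per row; the threshold is the knob to tune against installer noise in your own environment.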
MITRE ATT&CK Enterprise v6

Tasks