Overview

overview

8

Static

static

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c75ec95f34b400c37089bdc1eff9d617afd01e2b7e38c76d59168ec90744742

  • Size

    122KB

  • Sample

    221129-v33shsae66

  • MD5

    3dec7397e4f25aec5c81d6fd960e9a62

  • SHA1

    40be8dea6cc61c2ea93772ae7e8d1a9d935a603c

  • SHA256

    7c75ec95f34b400c37089bdc1eff9d617afd01e2b7e38c76d59168ec90744742

  • SHA512

    cf299a30854d006220177e4baf4feeafc3f001b65a422b708275dc0e287da3c066f0437d48463d4f53219443945a8edb8804a236c9fecf71892c8a92a7b19010

  • SSDEEP

    3072:2nHXMpxcGxFyhQ0bOqYJWd8qTkF9ec5KqqAgA4DdIxC+Gba9aEp:yHmGY/o0J0T0d5KYgSkSN

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      237KB

    • MD5

      a58d8465f840e1fcad4d41d738877384

    • SHA1

      9f4111ccada5d50048488955a35f27eccb2fd503

    • SHA256

      7946f8a23ac41d420ba85a4e71c108f586cec3b2e8b8a3448f5e4d19404d785f

    • SHA512

      8f30fd6128490effb87ca8831843eb7bc1b3a6e31fe0a989b35c1005d050e1b487124aebf21ffa38d2adceb48dfc7dc28835b5ff463a05f0db8c96a77ad5b405

    • SSDEEP

      3072:DBAp5XhKpN4eOyVTGfhEClj8jTk+0hT6IPEaG562E3nV9uVSUO2I+Cgw5CKHq:ubXE9OiTGfhEClq9gTuRJJUq

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks