General

  • Target

    e6d26fc6aa371f83090fb622ad80b48e89fb4a5e4110a0578e7c75be303c190c

  • Size

    84KB

  • Sample

    221202-wbxmvsde7s

  • MD5

    c5dfb8a4597e78e9de987b1fade19327

  • SHA1

    b07975c2b1c9eacc8313a0fc629c4a9c38cb4a66

  • SHA256

    e6d26fc6aa371f83090fb622ad80b48e89fb4a5e4110a0578e7c75be303c190c

  • SHA512

    2a6d824f6458210e14c0829d1b9440f6a67dbe3d6f04b4c66711caece6aaf065400192fd57b044b9719ffaf460e8385a296f373f61c63360cd2d30909e49120a

  • SSDEEP

    1536:xQwHfvMS0xcGxFyhQkrnb1Mq9WbTs4AWf8VGKwki4JG/PZd1Z5Qu:xnHXMpxcGxFyhQ0bOqY/X8VGKEyG/xhD

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-DEVOCHKA.exe

    • Size

      181KB

    • MD5

      c1eac9961bf688d75ec96b4d38eedfde

    • SHA1

      af7224a1329c61d9057496428cb95c7cebb3f584

    • SHA256

      de19911598a83d5b504cf7b4c24f5f6f8b68dcc6b72b8f79c3b2d353c93accfd

    • SHA512

      c0f76c82c57da5f52deafd3c7b6ec17dcf9653d4ac7f488645743cd61f43dcf196d6647fa6de2345c8ada61a03aeba2b73d9bdd7162689df0a816311ebc9e01a

    • SSDEEP

      3072:xBAp5XhKpN4eOyVTGfhEClj8jTk+0hUEQT3a3:0bXE9OiTGfhEClq9rEQo

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
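The location check behind the last signature, as an added example that is not part of the report or the sandbox's own signature code: a small Python detector run over constructed sandbox-style registry events that flags reads of the country and locale values under HKCU\Control Panel\International (Geo\Nation, Geo\Name, LocaleName). The JSON log format, the process names and pids, and the assumption that these are the registry paths the signature keys on are all assumptions made for this example, not facts from the report.

```python
"""Flag registry reads of the configured country / locale, the behaviour the
"Checks computer location settings" signature describes. Added example; the
log format and the exact key paths matched are assumptions, not report data."""
import json
import re

# Registry values that expose the user's configured country / locale.
# Geo\Nation holds a Windows GEOID, Geo\Name an ISO country code, LocaleName
# the BCP-47 locale. That the sandbox signature matches exactly these paths
# is an assumption made for this example.
GEO_VALUE_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.IGNORECASE),
    re.compile(r"\\Control Panel\\International\\LocaleName$", re.IGNORECASE),
]

# Constructed sample trace (one JSON object per line), loosely modelled on a
# sandbox API log. It is NOT a real trace of the sample in this report.
SAMPLE_LOG = r"""
{"pid": 1234, "image": "GOLAYA-DEVOCHKA.exe", "api": "RegOpenKeyExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo"}
{"pid": 1234, "image": "GOLAYA-DEVOCHKA.exe", "api": "RegQueryValueExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo", "value": "Nation"}
{"pid": 1234, "image": "GOLAYA-DEVOCHKA.exe", "api": "RegQueryValueExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "value": "ProductName"}
not json at all -- a truncated line the parser must tolerate
{"pid": 4321, "image": "explorer.exe", "api": "RegQueryValueExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International", "value": "LocaleName"}
{"pid": 1234, "image": "GOLAYA-DEVOCHKA.exe", "api": "RegQueryValueExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo", "value": "Name"}
"""


def iter_events(log_text):
    """Yield parsed events, skipping blank lines and lines that are not JSON objects."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event


def registry_path(event):
    """Full path of the registry object an event touches (key + value name), or None."""
    key = event.get("key")
    if not key:
        return None
    value = event.get("value")
    return f"{key}\\{value}" if value else key


def detect_location_checks(log_text, images=None):
    """Return registry events that read a country / locale value.

    Opening the parent Geo key alone is not flagged; only the value read is.
    `images` optionally restricts results to the given process image names so
    that noise from unrelated sandbox processes can be excluded."""
    hits = []
    for event in iter_events(log_text):
        if not str(event.get("api", "")).startswith("Reg"):
            continue
        if images is not None and event.get("image") not in images:
            continue
        path = registry_path(event)
        if path and any(p.search(path) for p in GEO_VALUE_PATTERNS):
            hits.append({"pid": event.get("pid"), "image": event.get("image"),
                         "api": event["api"], "path": path})
    return hits


def summarize(hits):
    """Count location-check hits per process image."""
    counts = {}
    for hit in hits:
        counts[hit["image"]] = counts.get(hit["image"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in detect_location_checks(SAMPLE_LOG):
        print(f"pid={hit['pid']} {hit['image']}: {hit['api']} {hit['path']}")
    print(summarize(detect_location_checks(SAMPLE_LOG)))
```

The `images` filter matters in practice: explorer.exe and other Windows components read these same values during normal operation, so a rule that fires on any process reading Geo\Nation will be noisy; scoping it to the submitted sample (or its child processes) is what turns the read into a geofence indicator.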

MITRE ATT&CK Enterprise v6

Tasks