General

  • Target

    f4231ce74e26feef5a28c4dd42cea140984497e65732534c22c979f48b49513f

  • Size

    114KB

  • Sample

    221203-1w4zwshd38

  • MD5

    62b4d6e05273647bc460e81a13b4b23e

  • SHA1

    5e5616576eedf0e7becb7059654e28b68190c7f8

  • SHA256

    f4231ce74e26feef5a28c4dd42cea140984497e65732534c22c979f48b49513f

  • SHA512

    6fe612b3423303f0ab71de0005ce3db2812453bbbfb5515fb746e68d444897ed242ba493e8d62d952962feda6a63f259b1420cf28468fb8282ca939d8ee9406e

  • SSDEEP

    3072:Vl0img13tG90HdQ3Sqt7PyhbqpfQMJFPhbseoauN7EJ/0wa2y:VljpD9Q3Tt7PyVcpH5uVK/0Gy

Score
8/10

Targets

    • Target

      RUSSKAYA-GOLAYA.exe

    • Size

      238KB

    • MD5

      84fafce88584c5a871cb0d784945d456

    • SHA1

      fd2c40c816e253420db99f2c15a734c3a89339cf

    • SHA256

      2e44d43ddac23374417e7dfafab8e773dd0424ae2632a559c601a6f4aa860395

    • SHA512

      371cd44fb4fc9d1b4b90802fddf0cf06169cdd02a4627651f46d7ef6eb51ce7b30a9c21d22f11a0637a8c09263d1cbe394fb6f879d4d72ceb56823385e94ba98

    • SSDEEP

      3072:pBAp5XhKpN4eOyVTGfhEClj8jTk+0hUy8FlDS+Cgw5CKHm:sbXE9OiTGfhEClq9v1jJJUm

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
