General

  • Target: d785f8f3a1537aee3db837ead6f5507a7aa3894a602dcffa4f24294e726deb4a
  • Size: 116KB
  • Sample: 221203-a474eaaf39
  • MD5: e335f1fabe303e9f19e3f7713cbd1115
  • SHA1: 328211860d409dccda063ac37efd376d92297f79
  • SHA256: d785f8f3a1537aee3db837ead6f5507a7aa3894a602dcffa4f24294e726deb4a
  • SHA512: 052192c8ce7e52e8dd762c549e1ab4f1537714284075454affeb7edf9253cc91030c30fee10123fb3b7d6198d9fae33640ce21bb7f3b8a4509bbc1c1d71e635c
  • SSDEEP: 3072:RsrbFcp/BRgCKk6rzli+NK0+5T7ZYNSh5ILKRpP:6rRcp/BRgCErzlRotTEopP

Score
8/10

Targets

    • Target: GOLAYA-SEXY.exe
    • Size: 210KB
    • MD5: e3ed299ce4982a14a6636310994345e3
    • SHA1: 3734d5ef93aa6a4f5c3f4052e4bd4e20a3218e6e
    • SHA256: 93797469edd71571dac60f7b6e6575904803e00f3ad8504bd341570f64f0bd3e
    • SHA512: 9d3c33a0d826406c359d5bda8ce79348d31540ba3cbed904806cb2aabba5275169f417e5c6e338b102e557c4e004fcecee1504e3b08bbc70eab5d579e42233e8
    • SSDEEP: 3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0h8xwNhQs+Cgw5CKHG:TbXE9OiTGfhEClq9hwCJJUG

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
