General

  • Target

    e29399cd076bd03849a8490f8f782a16c580dcd950f748cef9668987394e44c0

  • Size

    118KB

  • Sample

    221203-a551fadg2v

  • MD5

    193f5cc6564435f2242dcc7762f0e719

  • SHA1

    dd991d8a68bdc95bccfac41572e94f8c7ae225ce

  • SHA256

    e29399cd076bd03849a8490f8f782a16c580dcd950f748cef9668987394e44c0

  • SHA512

    c102f9649196bf6b05e54ffb15b729e1301db1e8db60f59889428d7749163753c4f6d2a5cd0b54f5d24f4e7ee0ddb503fc7df1723c8e862c8f1cc7bc989d8b61

  • SSDEEP

    3072:Arz/BRgUsSsIkdMnXmE1CbWg75vgljzrb:AP/BRgUHsIkd82oCbzW5/b

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-RUSSKAYA.exe

    • Size

      237KB

    • MD5

      8f7533d451cd45e344753808cc96fc55

    • SHA1

      7e863472f9b8ff66cdfedf50b7dd3a2019bfbcf9

    • SHA256

      2f6486cdde1da45b8a9b8fd5d59c60b625da6b370c19264e7d2e0eab6f0fc143

    • SHA512

      0aa7afa17ba2084d061f326deb25ac9bed868f55dd40fe4f792e62b5fc32c48b1f53b32a880b82d1c4aad74ea821b9c42877493c0cd4d5c6737da875ad21a311

    • SSDEEP

      3072:4BAp5XhKpN4eOyVTGfhEClj8jTk+0hlBkk9Tjlrggp6JXtGdE0J97Rls2Ok2jmNc:vbXE9OiTGfhEClq9gBmqQiZqJJUC

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks