General

  • Target

    dce9d4ac014be4b54e7fb39d9dfc32e0b04271ca81fea6270d630b6981e9b404

  • Size

    119KB

  • Sample

    221203-b1kpdadd46

  • MD5

    1d0ade953ebd9a1f36ad1b965bc78ce8

  • SHA1

    4dec22290d14c68cf7d5cd13132a5ffe56088a9f

  • SHA256

    dce9d4ac014be4b54e7fb39d9dfc32e0b04271ca81fea6270d630b6981e9b404

  • SHA512

    d95fcb185b4a99a90dcf87462b3827121e25a2e75e7bcd3ec821d1f90b99552e5d2d38ffcdf3c7665cdb84fff894d8ec18b660b882e744f31530380432836732

  • SSDEEP

    1536:4n/bwDHHUQTsX36h0ST44dpapQBCUo95MoqwWWku+8w5eJx8twlaGmMd/7GD:4nmH0QTs66Kz2gCU8uoLceHXBI

Score
8/10

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      237KB

    • MD5

      5c94059adb47691be3bd70b628224d42

    • SHA1

      2173a63636142956ac0f2032caf3c327f27dd4cc

    • SHA256

      5159ded8a0a546ebbed689e870873c7cea047be40d6311cc475d3ca5cedfcd52

    • SHA512

      dd9178ee54765bf7c002889ff700516b77c5297e446f284a2f36768325cd5dd531878d1c07fe013024e92c001f9450fb349b26b0608426dda12a7d9f62f74701

    • SSDEEP

      3072:6BAp5XhKpN4eOyVTGfhEClj8jTk+0h5Y2AGeS/+Cgw5CKHS:JbXE9OiTGfhEClq9AY2AGe/JJUS

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Reads the country code configured in the registry; most likely a geofence check that decides whether to run based on the victim's region.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.
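The two registry behaviours flagged above (country-code lookup and Uninstall-key enumeration) are easy to reproduce so an analyst can see exactly what the sample learns from the host. The script below is an added example, not code from the report or from the sample; the registry paths are the standard Windows locations, while the excluded-region list and the analysis-tool names are placeholders chosen for illustration (the report does not say which regions or products this sample tests for).

```powershell
# Added example: reproduce the geofence and software-enumeration lookups in a lab VM.

# 1. "Checks computer location settings"
#    HKCU\Control Panel\International\Geo\Nation stores the user's GeoID as a decimal
#    string (for reference: 244 = United States, 203 = Russia, 241 = Ukraine).
$geoKey = 'HKCU:\Control Panel\International\Geo'
$nation = (Get-ItemProperty -Path $geoKey -Name Nation -ErrorAction SilentlyContinue).Nation

# Placeholder exclusion list (assumption for illustration only): a geofenced sample
# typically exits early when the GeoID matches one of its excluded regions.
$excludedGeoIds = @('203', '241')
$geofenced = $excludedGeoIds -contains $nation
"GeoID = $nation ; would a sample with this exclusion list bail out? $geofenced"

# 2. "Checks installed software on the system"
#    All three Uninstall hives are walked: 64-bit, 32-bit (WOW6432Node) and per-user.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$software = foreach ($path in $uninstallPaths) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.DisplayName) {
            [pscustomobject]@{
                Name    = $props.DisplayName
                Version = $props.DisplayVersion
                Key     = $_.PSChildName
            }
        }
    }
}
$software = $software | Sort-Object Name -Unique
$software | Format-Table -AutoSize

# Placeholder list (assumption): products a sample might look for to detect analysis
# environments. Matching one here tells you what the sample could have seen.
$analysisTools = @('VMware Tools', 'Wireshark', 'Process Monitor')
$seen = $software | Where-Object { $t = $_.Name; $analysisTools | Where-Object { $t -like "$_*" } }
"Installed entries matching the placeholder analysis-tool list: $($seen.Count)"
```

Both lookups are registry reads, and Sysmon's registry events only cover key and value creation, deletion, modification and renaming, so they leave no Sysmon trace. To catch them in your own sandbox, watch RegQueryValue on the Geo\Nation value and RegEnumKey/RegOpenKey on the Uninstall paths in Process Monitor, or subscribe to the kernel registry ETW provider.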

MITRE ATT&CK Enterprise v6
