a8b7d7095a254b454a4cebad995896ec4476e8f1d9677a12be97fd15c696d389 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8b7d7095a254b454a4cebad995896ec4476e8f1d9677a12be97fd15c696d389
Size

80KB
Sample

221203-cacrhsgh5z
MD5

1525dc23b57d7873cc9c55910f83f387
SHA1

5de4c177e7d7ee1edb3d60e3aed91cb776c6f49c
SHA256

a8b7d7095a254b454a4cebad995896ec4476e8f1d9677a12be97fd15c696d389
SHA512

e575398cb854e575a49a2cb9002d6c4139551aeea73dc324f359de8c7adcb5adc2e7df67c56689c0a9e640c990ce74b2f3bc3fa17d135726d560a819a8049b2f
SSDEEP

1536:jkDro9Ash6VQZtlRtQlQ7pYw/zQymCJVVBZu3BHp231vcaLCCfVVG6sxaV:wDvsEU8lGpD/NZBZF1vcaLCsT/MA

Score

8^/10

Malware Config

Targets

- Target
  
  PHOTO-GOLAYA.exe
- Size
  
  180KB
- MD5
  
  731790f96390935dcf6c9451c7b80c68
- SHA1
  
  92e152be11147d807725aa55aea4825675f654f5
- SHA256
  
  58a80f311c14624bf50f9e45db0e62a5a4902ecffeeda120ad0d775ac109d4a9
- SHA512
  
  76de1b2e02c166d79b1a5079219cc7546a61d1e982a3b58e927695001725c9f50216c2cf4bd3d49d009debd2107f68eaf9751c4bdb0408cf3a508658c58af515
- SSDEEP
  
  3072:oBAp5XhKpN4eOyVTGfhEClj8jTk+0hN7+mYnhIAhyYyOK01:fbXE9OiTGfhEClq9s+mYnhIAhy8/1
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2