79f968f7e3fd804cc580faef3161b02dad57fbe2daef819e2f60067817858bac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79f968f7e3fd804cc580faef3161b02dad57fbe2daef819e2f60067817858bac
Size

89KB
Sample

221203-canh1sea46
MD5

cd3186a4a5e5a6d4525eb2bf9c1255cc
SHA1

b7b8e22db32e31d147fed1e150097f21aeaa2a6e
SHA256

79f968f7e3fd804cc580faef3161b02dad57fbe2daef819e2f60067817858bac
SHA512

a22bf13aa988fdff95b0cc793ab15292091b82d9d2c0b1d433e166f956c6b2c468fd33fb38ef71eab7a302dee9b255cf9615c65d42b63b303af13ce29b65c2a3
SSDEEP

1536:uUnVN5HOHUEs6iqcuyIJ4fnb07w3317NbesR3SRXAlO+aSPVTtHduqvIJkaK:uUnLYCq/Fufnb07YPe8CJADDNtMqvMK

Score

8^/10

Malware Config

Targets

- Target
  
  GOLAYA-TOPLESS.exe
- Size
  
  181KB
- MD5
  
  b1d337c0c73cbea038b997d6abaddb31
- SHA1
  
  4f4d45e58de9ee50b01e53846143427d942268ef
- SHA256
  
  3fd1978f95b6bc6efab67e2b2b98b0c373cccc10757457f7735dc3b2a4f29720
- SHA512
  
  3c25bd65e87fa431ab7ade6c61bbf825b18633d7bee97ca8061ae4d0f68c9715d14e6f411d83471daaab0a0f93927f90d3bfb93a5abacfce0cda342807a6c573
- SSDEEP
  
  3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hR4udk4Rjb+o:WbXE9OiTGfhEClq9Xuvjbz
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2