General

  • Target

    dbfb098cf18acc377e94c43c7b32d863a3bac50e23e292779d74fe1ac06f6bd3

  • Size

    120KB

  • Sample

    221203-f9mybahd72

  • MD5

    5e74526f66fb86593d6efe2482b53a73

  • SHA1

    3094ea41775d796071ddc87f15fe59046916d526

  • SHA256

    dbfb098cf18acc377e94c43c7b32d863a3bac50e23e292779d74fe1ac06f6bd3

  • SHA512

    6a236c7f325b7cfefdfd0aefc0ddfccc61d9fb8b8f4bd6f93df4affce3483541b2c4a64eea23b275cf8f56d15690f7b9c3d93ee7ed2fc1535808bb2e1f6cfb65

  • SSDEEP

    3072:ml0img13tG90HdQ3Sqt0nPhTWy9l/tz2p7KMq1dV:mljpD9Q3TtoTWgl/tCdKDR

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      239KB

    • MD5

      b9bafa06fc9e0a881cb060fb6278ad5a

    • SHA1

      32e1be697efb7005f411fecbdfa52c45fa0f9802

    • SHA256

      0fd52b648762cfe5cd96ece16b1c93cbdb013b305c2eafdff91a5faea4564050

    • SHA512

      3146072672987752ea5cca17b14dd0c12443fa4fceeb75547b2b12786cefc9354d4606ff4fb63fb43718664ee7e2dd2742935eab055e774e25316380575f1db0

    • SSDEEP

      3072:FBAp5XhKpN4eOyVTGfhEClj8jTk+0hH8lQTxo+0YDciRSB+Cgw5CKHG:gbXE9OiTGfhEClq9a0YrSYJJUG

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Checks installed software on the system

Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6
