General

  • Target

    893795696f6e7057dafbcb740c51a0f2a5721fc6928fe1356ea14fc96f54577a

  • Size

    120KB

  • Sample

    221203-f9p3nscg4t

  • MD5

    394e90e889c25660540447182a81fc6e

  • SHA1

    550f0140625ddea9247f89eb9cbbc394a1b44f98

  • SHA256

    893795696f6e7057dafbcb740c51a0f2a5721fc6928fe1356ea14fc96f54577a

  • SHA512

    a66369d6091e2935ff041c3a67e487808e0f55f8810440c6f9c0ff01ba8f6d6f6fe233678fb195a3183b564d996ebb66b9e0a2aca21717c5ede995f894ed8991

  • SSDEEP

    3072:xl0img13tG90HdQ3Sqt0nPhTWy9l/tz2p7KMq1dP:xljpD9Q3TtoTWgl/tCdKDT

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-RUSSKAYA.exe

    • Size

      239KB

    • MD5

      b9bafa06fc9e0a881cb060fb6278ad5a

    • SHA1

      32e1be697efb7005f411fecbdfa52c45fa0f9802

    • SHA256

      0fd52b648762cfe5cd96ece16b1c93cbdb013b305c2eafdff91a5faea4564050

    • SHA512

      3146072672987752ea5cca17b14dd0c12443fa4fceeb75547b2b12786cefc9354d4606ff4fb63fb43718664ee7e2dd2742935eab055e774e25316380575f1db0

    • SSDEEP

      3072:FBAp5XhKpN4eOyVTGfhEClj8jTk+0hH8lQTxo+0YDciRSB+Cgw5CKHG:gbXE9OiTGfhEClq9a0YrSYJJUG

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks