Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-TOPLESS.exe

windows7-x64

8

GOLAYA-TOPLESS.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dae54b3f9609c3f81e5d22008d9f0d623f80f918b13fb5924461a0fdb8d5376c

  • Size

    116KB

  • Sample

    221203-gaeckacg8w

  • MD5

    f9b9e28b922262e055c1802303cb2a82

  • SHA1

    282e3bf877878d65c3b631f0f3009114cad2efb6

  • SHA256

    dae54b3f9609c3f81e5d22008d9f0d623f80f918b13fb5924461a0fdb8d5376c

  • SHA512

    3eb0092e62757e5d26554a9a513c95faa47e179db4d6f158c74693993b8c3773db4e73cee5f5b9a9334d421dee4a09b3850186d8d12292a32b7c5dfa3cb34dec

  • SSDEEP

    3072:6l0img13tG90HdQ3Sqt1k4e7iAJjU+hLMDgs2z4kF7fKB:6ljpD9Q3Tt1Le7iAVU+ODX2z4vB

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-TOPLESS.exe

    • Size

      239KB

    • MD5

      9ea5d4e300dd6c096812711fa3c677d2

    • SHA1

      91ae3f2c828d65fc1d862abda77c875a433a09f8

    • SHA256

      fa673f26eca0e92ae23fd52290a15fed2115c3cce647c93a9d52a069d3f82aaa

    • SHA512

      807886572612c5593192318f2ac65fc0d42a77989ac86ccfd730b9544f5fb14fb4aa54aa10bbc7c0f76cde779149da8662d5abba173a503fd942f9669985949e

    • SSDEEP

      3072:7BAp5XhKpN4eOyVTGfhEClj8jTk+0hWmKlv+Cgw5CKHK:mbXE9OiTGfhEClq9PTQJJUK

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks