Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba77eeab97e2a4b63d6f0a374f2043a59d658e71408c18614f8cd781eefa1527

  • Size

    119KB

  • Sample

    221205-26ecnafe98

  • MD5

    a22c2ac2d274edebcc7de91f3c9648ec

  • SHA1

    c9a54c8adbcba4ada0480deef0f3704c9edb6739

  • SHA256

    ba77eeab97e2a4b63d6f0a374f2043a59d658e71408c18614f8cd781eefa1527

  • SHA512

    492702d3437e7431623e9926bea9f4080de002a19ce0198e932fe9051b679f5d6a0a8a543f5163db4df7fbaf3ab9930bce7630d6db4ff51254e3b9f6a1fbf261

  • SSDEEP

    3072:jnHXMpxcGxFyhQ0bOqYDl8WgmFHZ47et+jGkNby6gX2:rHmGY/o0h87mUSt+jRuZm

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      239KB

    • MD5

      471ee52782395766d6e60db78eea6bf1

    • SHA1

      86886592b9281a9b640c06b3cb7742955405d0ee

    • SHA256

      f251a94739170aaf1ad716e6f31645cc3bb2350fc5e0ccc135511d9618f0386c

    • SHA512

      c2759eff3ce5ebebbe779bda325a1b35d1c9a10c06f15c99f1b3ac760ed9376540a20c0bb99f406db46b6e20ae361ac7c41bc5b1edfc981daed89bc2f89327dd

    • SSDEEP

      3072:OBAp5XhKpN4eOyVTGfhEClj8jTk+0hbRBrICPwXAFxTTw1BV56nt1UrknjaT5/e4:lbXE9OiTGfhEClq9aW6EBMbJ4JJUG

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks