Overview

overview

8

Static

static

GOLAYA-RUSSKAYA.exe

windows7-x64

8

GOLAYA-RUSSKAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5905ec568cef3acffe4a2a315dcaab6d94b2c2e9726d81cecc54b65f497261f2

  • Size

    131KB

  • Sample

    221205-3hy8labd7s

  • MD5

    d20b5314a6ca0f1bada3327e794e8ec2

  • SHA1

    9783840b2c5d3982b5c50a81ca4c29832de9d10a

  • SHA256

    5905ec568cef3acffe4a2a315dcaab6d94b2c2e9726d81cecc54b65f497261f2

  • SHA512

    aaa65c684a8eb713f8fd1adf9cd9be16a3e28aac0a8aa80623021533a19239e2aac09d9b60f1785c04fee375b6550285e754f12f6bca241183b2a65bb5679c92

  • SSDEEP

    3072:hnHXMpxcGxFyhQ0bOqYW6Qn6RuhCmICnACTIUAf9QnwhmHJ:tHmGY/o0W6Q6R8CsnVTI4wh+J

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-RUSSKAYA.exe

    • Size

      238KB

    • MD5

      7710fc4fcea932679b40d31d409ae117

    • SHA1

      bb5dfd38943356d6c1cff6b12d32f1cb54af6d35

    • SHA256

      11abaf6a3b196588408e4d7fe8bf9a7d9b1a9b9bb3eeeb3dc2215be38f18eefa

    • SHA512

      7fb1e792e8d2533a5aa4927971249d59f25fe2fe7067b9a1dbbb71aa1a5964bd7efb75822c73ffdef9ff118982e42b870c883229fa37eee228f3d11026574b06

    • SSDEEP

      6144:MbXE9OiTGfhEClq9528TfdRoWRg+lN/JJUm:oU9XiuiJ8DRxl5

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks