golddragon | 4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211 | Triage

Sharing

General

Target

15ec5c7125e6c74f740d6fc3376c130d.bin
Size

330KB
Sample

230412-bsyahaac6w
MD5

15ec5c7125e6c74f740d6fc3376c130d
SHA1

fb09b89803da071b7b7eb23244771c54d979a873
SHA256

4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211
SHA512

b9ca295439ec152084e741058b059622c05341a485229e4158f9feec6ca4945ef9c1fb95c132f70c14baebd91240c3dedf7ccff06e86c0584650b564fbe0292d
SSDEEP

6144:F9uMUkomZtUSDmrGhEmX7JUWrgbmyRCtfGztnjE8TOaW3eHa/ro:F9uW9Tn6ahEmX7JUWrgbmFl8nNTZW3eD

Score

10^/10

golddragon backdoor

Malware Config

Targets

- Target
  
  15ec5c7125e6c74f740d6fc3376c130d.bin
- Size
  
  330KB
- MD5
  
  15ec5c7125e6c74f740d6fc3376c130d
- SHA1
  
  fb09b89803da071b7b7eb23244771c54d979a873
- SHA256
  
  4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211
- SHA512
  
  b9ca295439ec152084e741058b059622c05341a485229e4158f9feec6ca4945ef9c1fb95c132f70c14baebd91240c3dedf7ccff06e86c0584650b564fbe0292d
- SSDEEP
  
  6144:F9uMUkomZtUSDmrGhEmX7JUWrgbmyRCtfGztnjE8TOaW3eHa/ro:F9uW9Tn6ahEmX7JUWrgbmFl8nNTZW3eD
Score

10^/10

golddragon backdoor
- GoldDragon
  GoldDragon is a second-stage backdoor attributed to Kimsuky.
  backdoor golddragon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

golddragonbackdoor

behavioral2

golddragonbackdoor