golddragon | 4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211 | Triage

Sharing

General

Target

15ec5c7125e6c74f740d6fc3376c130d.bin
Size

330KB
Sample

230412-bsyahaac6w
MD5

15ec5c7125e6c74f740d6fc3376c130d
SHA1

fb09b89803da071b7b7eb23244771c54d979a873
SHA256

4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211
SHA512

b9ca295439ec152084e741058b059622c05341a485229e4158f9feec6ca4945ef9c1fb95c132f70c14baebd91240c3dedf7ccff06e86c0584650b564fbe0292d
SSDEEP

6144:F9uMUkomZtUSDmrGhEmX7JUWrgbmyRCtfGztnjE8TOaW3eHa/ro:F9uW9Tn6ahEmX7JUWrgbmFl8nNTZW3eD

Score

10^/10

golddragon backdoor

Malware Config

Targets

- Target
  
  15ec5c7125e6c74f740d6fc3376c130d.bin
- Size
  
  330KB
- MD5
  
  15ec5c7125e6c74f740d6fc3376c130d
- SHA1
  
  fb09b89803da071b7b7eb23244771c54d979a873
- SHA256
  
  4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211
- SHA512
  
  b9ca295439ec152084e741058b059622c05341a485229e4158f9feec6ca4945ef9c1fb95c132f70c14baebd91240c3dedf7ccff06e86c0584650b564fbe0292d
- SSDEEP
  
  6144:F9uMUkomZtUSDmrGhEmX7JUWrgbmyRCtfGztnjE8TOaW3eHa/ro:F9uW9Tn6ahEmX7JUWrgbmFl8nNTZW3eD
Score

10^/10

golddragon backdoor
- GoldDragon
  GoldDragon is a second-stage backdoor attributed to Kimsuky.
  backdoor golddragon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

golddragonbackdoor

behavioral2

golddragonbackdoor