Overview

overview

8

Static

static

3

GOLAYA-SEXY.exe

windows7-x64

8

GOLAYA-SEXY.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    1022a8d60fda80321fc17fe5de280fe2

  • Size

    99KB

  • Sample

    231224-yzmtnsadc3

  • MD5

    1022a8d60fda80321fc17fe5de280fe2

  • SHA1

    47bb0b295008dd3eef7ba591bfb5adec39e134ef

  • SHA256

    cfc9afe0ec88cf59151a65fec542aa40fe39f282a7780446e753479558ee7d42

  • SHA512

    297bf60c5c2e813746e4c8663b0a582a6d677eec0a79feb6e3038ae66db78f168339e5182bf025040c620c66f8d69d9b811747d8e188b5ce886370b7bd7a59b5

  • SSDEEP

    3072:i47excGxFLPkH9SnbZDazo21mLtQqVI+8iX2:i+eGYtPk0Z+zo6JDiX2

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-SEXY.exe

    • Size

      149KB

    • MD5

      e1fb70408c7945c6524c321063bd9570

    • SHA1

      ebcd6a63fac9609c46e9c84708aa1e5701ee7775

    • SHA256

      3e2da7a655e400f9e6ad442d4db21bac0a9528bc825aaaa8fdd97406458a59ed

    • SHA512

      58751bd094dfc28c8b83085a480f70d1dfc97b990e69d90c4abe6ad5ec68c2a215445a664d5287bc624eab4175c2479fe6f0802b045fea61c12449af05f34814

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0higWrUzM/XP:AbXE9OiTGfhEClq9GWruyXP

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks