General

  • Target

    237eb8c12f6e7a41c7938f6e9844af93

  • Size

    119KB

  • Sample

    231225-q8n44afdh6

  • MD5

    237eb8c12f6e7a41c7938f6e9844af93

  • SHA1

    665ceced6591d71472a19e2cdac10daee725c35b

  • SHA256

    f257a63815815bc6c15a28787a89fc051b745a6c641f9c849e989599f7cfc1fe

  • SHA512

    b2892bbef64bb0994fe6de49ab81b7d5492e93bde29f5049aa3e5a67e8fd3c17783b9054a2a5ab7c8bc90123bd6380490ee798ef1d53567c6b1b492742ad6764

  • SSDEEP

    3072:VnHXMpxcGxFyhQ0bOqYDl8WgmFHZ47et+jGkNby6gXn:ZHmGY/o0h87mUSt+jRuZX

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      239KB

    • MD5

      471ee52782395766d6e60db78eea6bf1

    • SHA1

      86886592b9281a9b640c06b3cb7742955405d0ee

    • SHA256

      f251a94739170aaf1ad716e6f31645cc3bb2350fc5e0ccc135511d9618f0386c

    • SHA512

      c2759eff3ce5ebebbe779bda325a1b35d1c9a10c06f15c99f1b3ac760ed9376540a20c0bb99f406db46b6e20ae361ac7c41bc5b1edfc981daed89bc2f89327dd

    • SSDEEP

      3072:OBAp5XhKpN4eOyVTGfhEClj8jTk+0hbRBrICPwXAFxTTw1BV56nt1UrknjaT5/e4:lbXE9OiTGfhEClq9aW6EBMbJ4JJUG

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
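
    The three host-side signatures above are cheap to reproduce against an API trace of your own. The following is an added example written for this page, not output of the sandbox or code from the sample: it parses a constructed JSON-lines API trace and evaluates the "Checks computer location settings", "Checks installed software on the system" and "Drops file in Drivers directory" signatures. The report names no key paths, so the registry locations used here (Control Panel\International\Geo\Nation, the Uninstall keys under HKLM, the System32\drivers directory), the trace field names and the process ID are assumptions. The "Blocklisted process makes network request" signature is not modelled because the page gives no detail on which process or destination triggered it.

```python
import json
import re

# Constructed API trace, one JSON object per line, in the shape a sandbox might
# emit. These lines are made up for this example; they are not from the report.
SAMPLE_TRACE = r"""
{"pid": 4120, "api": "RegOpenKeyExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo"}}
{"pid": 4120, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}}
{"pid": 4120, "api": "RegOpenKeyExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}}
{"pid": 4120, "api": "RegEnumKeyExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 0}}
{"pid": 4120, "api": "RegEnumKeyExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 1}}
{"pid": 4120, "api": "RegEnumKeyExW", "args": {"key": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "index": 0}}
{"pid": 4120, "api": "CreateFileW", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\stage.tmp", "access": "GENERIC_WRITE"}}
{"pid": 4120, "api": "CreateFileW", "args": {"path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "access": "GENERIC_READ"}}
{"pid": 4120, "api": "CreateFileW", "args": {"path": "C:\\Windows\\System32\\drivers\\dropped.sys", "access": "GENERIC_WRITE"}}
"""

# Assumed locations behind the report's signatures (the report names none).
# Keys are compared after casefold(), so the patterns are lower-case.
GEO_KEY_RE = re.compile(r"^hk(cu|ey_current_user)\\control panel\\international\\geo$")
UNINSTALL_KEY_RE = re.compile(
    r"^hk(lm|ey_local_machine)\\software\\(wow6432node\\)?"
    r"microsoft\\windows\\currentversion\\uninstall(\\|$)"
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
WRITE_ACCESS = {"GENERIC_WRITE", "GENERIC_ALL", "FILE_WRITE_DATA"}


def parse_trace(text):
    """Parse a JSON-lines API trace into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def checks_location_settings(events):
    """True if the process reads the Nation value under Control Panel\\International\\Geo."""
    for ev in events:
        if ev["api"] != "RegQueryValueExW":
            continue
        key = ev["args"].get("key", "").casefold()
        if GEO_KEY_RE.match(key) and ev["args"].get("value", "").casefold() == "nation":
            return True
    return False


def uninstall_keys_enumerated(events):
    """Number of RegEnumKeyExW calls made under a native or WOW6432Node Uninstall key."""
    return sum(
        1
        for ev in events
        if ev["api"] == "RegEnumKeyExW"
        and UNINSTALL_KEY_RE.match(ev["args"].get("key", "").casefold())
    )


def files_dropped_in_drivers(events):
    """Paths opened for writing under the Drivers directory.

    Read-only opens (e.g. drivers\\etc\\hosts) are common and are not drops,
    so the access mask is checked as well as the path.
    """
    hits = []
    for ev in events:
        if ev["api"] != "CreateFileW":
            continue
        path = ev["args"].get("path", "")
        if path.casefold().startswith(DRIVERS_DIR) and ev["args"].get("access") in WRITE_ACCESS:
            hits.append(path)
    return hits


def signatures(events):
    """Map the report's signature names to whether the trace triggers them."""
    return {
        "Checks computer location settings": checks_location_settings(events),
        "Checks installed software on the system": uninstall_keys_enumerated(events) > 0,
        "Drops file in Drivers directory": bool(files_dropped_in_drivers(events)),
    }


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    for name, hit in signatures(evs).items():
        print(f"[{'x' if hit else ' '}] {name}")
    print("Files written under drivers:", files_dropped_in_drivers(evs))
```

    Running the script against the constructed trace flags all three signatures and lists the single write under the drivers directory; swap SAMPLE_TRACE for a real trace exported from your sandbox, adjusting the field names to match its format.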

MITRE ATT&CK Enterprise v15

Tasks