General

  • Target

    246ccaeb7989dd28a90d9ef3ee6cefda

  • Size

    80KB

  • Sample

    231225-rhfkpsffhr

  • MD5

    246ccaeb7989dd28a90d9ef3ee6cefda

  • SHA1

    30ddd414f3e93245d9dc834f121a8e5c661333f1

  • SHA256

    36060561540e7c5a92c103ee34f09a5313632c49574e9d42e0dfd43892c7ef08

  • SHA512

    bdda02bd1395bba8ef9152a45a0eba9647bb8de42a4f873ace050c2ae00816a5236634eb98a34b7183ab5cd719383fe3782f0ef3be80f8682997c3091ce078a7

  • SSDEEP

    1536:hQWQFGFI/PvgCRN59/iQyENtylyVRbXWEwaZ1I7HiSw8nsHaK:Crz/BRgQTNtygXmOM7c8rK

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-DEVOCHKA.exe

    • Size

      180KB

    • MD5

      8c608ea2bc292f5c709636b7863ead50

    • SHA1

      a6db5d61bef6be02a0108d2639585609cb25cbea

    • SHA256

      ea286591122804d91a79ca2bc2a20d6272bd28359560ca6996a1d88aabdafca3

    • SHA512

      d12607b0a2bd2ee182a9940b3f52263981122d73a9a19c1c55bdd56e39c4be82d56f1befb297d2426af67acb5d5ac153c8a109b575339ed71c5b77c524e3eb49

    • SSDEEP

      3072:gBAp5XhKpN4eOyVTGfhEClj8jTk+0hf2oscVS8Br9cOO0JkW06C:XbXE9OiTGfhEClq9+2oscVS8Br9cOO02

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
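The three behavioural signatures above, re-implemented as detection logic over a constructed sandbox-style event trace. This is an added example, not the sandbox's own signature code, and the events are made up for illustration rather than taken from this sample's trace (which the page does not show). Assumptions: the location check targets the user Geo key that GetUserGeoID() reads, HKCU\Control Panel\International\Geo (values Nation / Name), since the report only says "country code configured in the registry"; the process blocklist is an illustrative set of living-off-the-land binaries, not the sandbox's actual list; the "Drivers directory" is taken to be %SystemRoot%\System32\drivers and everything beneath it.

```python
"""
Detection logic for the three behavioural signatures in the report, run over
a constructed sandbox-style event trace. Added example; not the sandbox's own
signature implementation. All events, paths and hosts below are constructed.
"""
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str          # "registry_query", "file_write" or "network"
    process: str       # image path of the acting process
    path: str = ""     # registry key or file path
    value: str = ""    # registry value name (registry_query only)
    dest: str = ""     # host:port (network only)


def _norm(p: str) -> str:
    """Lower-case and unify separators so matching is case- and slash-insensitive."""
    return p.replace("/", "\\").lower().rstrip("\\")


# Assumption: the country-code lookup reads the user Geo settings that
# GetUserGeoID() is backed by. The report does not name the exact key.
GEO_KEY_FRAGMENT = r"\control panel\international\geo"

# Assumption: "Drivers directory" means %SystemRoot%\System32\drivers and subdirs.
DRIVERS_DIR = r"\windows\system32\drivers"

# Assumption: illustrative blocklist of binaries that rarely need network
# access themselves; the sandbox's real list is not shown on the page.
BLOCKLIST = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "certutil.exe", "wscript.exe"}


def checks_location(ev: Event) -> bool:
    """'Checks computer location settings': registry read under the Geo key."""
    return ev.kind == "registry_query" and GEO_KEY_FRAGMENT in _norm(ev.path)


def drops_in_drivers(ev: Event) -> bool:
    """'Drops file in Drivers directory': any file write beneath the drivers dir."""
    return ev.kind == "file_write" and (DRIVERS_DIR + "\\") in _norm(ev.path)


def blocklisted_network(ev: Event) -> bool:
    """'Blocklisted process makes network request': image name is on the blocklist."""
    image = os.path.basename(ev.process.replace("\\", "/")).lower()
    return ev.kind == "network" and image in BLOCKLIST


SIGNATURES = {
    "Blocklisted process makes network request": blocklisted_network,
    "Drops file in Drivers directory": drops_in_drivers,
    "Checks computer location settings": checks_location,
}


def evaluate(events):
    """Return {signature name: [matching events]} for signatures that fired."""
    hits = {}
    for name, rule in SIGNATURES.items():
        matched = [ev for ev in events if rule(ev)]
        if matched:
            hits[name] = matched
    return hits


# Constructed trace: three events that should fire, three that must not.
SAMPLE_TRACE = [
    Event("registry_query", r"C:\Users\user\Desktop\GOLAYA-DEVOCHKA.exe",
          path=r"HKEY_CURRENT_USER\Control Panel\International\Geo", value="Nation"),
    Event("file_write", r"C:\Users\user\Desktop\GOLAYA-DEVOCHKA.exe",
          path=r"C:\Windows\System32\drivers\etc\hosts"),
    Event("network", r"C:\Windows\System32\rundll32.exe", dest="203.0.113.10:443"),
    Event("registry_query", r"C:\Windows\explorer.exe",
          path=r"HKEY_CURRENT_USER\Control Panel\Desktop", value="Wallpaper"),
    Event("file_write", r"C:\Users\user\Desktop\GOLAYA-DEVOCHKA.exe",
          path=r"C:\Users\user\AppData\Local\Temp\tmp1.dat"),
    Event("network", r"C:\Program Files\Mozilla Firefox\firefox.exe", dest="198.51.100.5:443"),
]


if __name__ == "__main__":
    for name, matched in evaluate(SAMPLE_TRACE).items():
        print(name)
        for ev in matched:
            print("   ", ev)
```

Writing the hosts file under drivers\etc is a common reason the "Drops file in Drivers directory" signature fires, so a hit on that rule is worth checking against the actual dropped path before treating it as a driver install; likewise, the Geo key is read by plenty of legitimate localisation code, so the location check is a weak indicator on its own and is scored here only in combination with the other two.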

MITRE ATT&CK Enterprise v15

Tasks