General

  • Target

    3429cf5e123ed2ee7696c5b04ed48970

  • Size

    95KB

  • Sample

    231225-wz7sqsdff4

  • MD5

    3429cf5e123ed2ee7696c5b04ed48970

  • SHA1

    a752cb5aa4c4a21407daac1d25fcd517ba56e0bf

  • SHA256

    88bbeebbbc8f5e785357fd9b61d328c81aa3061994169015511899d9a7445fee

  • SHA512

    afdc9ea17a3367324966f956dbe719004fd677c345f570ddf0a5c81f6183506eff7b17981f19018b590425b58c4c4298f32379c755548d4d9320b74d4fc19d7e

  • SSDEEP

    1536:7vg1WKQmK74VzprUxe7kvLSPkIJNE9sq0Qs07t2vtLPGyMMobvZb6Zh3SuhUosHw:7vgEL7Yo4PkH9sIbqIyabveMuhUosaoW

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      180KB

    • MD5

      db89b00c7c939cf554518d57f1377827

    • SHA1

      bf3c125ff67971778b7976dda615d9ed1bc7c2a1

    • SHA256

      cb028ef2b09fae773878ce008daf8719692f62f5036ca9e76fefe9ede348b6a4

    • SHA512

      56d61b7be2c77e43798d7b13b330f7733d1198c3dc9cc2c685d8a5ea2024ebfacdbd42b6452371ab74fb7a215f9fc5e21212cb9759d51d465bb631b612401510

    • SSDEEP

      3072:oBAp5XhKpN4eOyVTGfhEClj8jTk+0hwyWS/LzWNsoauJP94:fbXE9OiTGfhEClq9E/XWNsRm94

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks