f1d8dbbae0ed6373fb55e70494a589addd469047e3a4388bd8d07b0472bbd47a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58b51c5b3860f3ccf00e56b5177604d4
Size

80KB
Sample

231226-gwk28sefg8
MD5

58b51c5b3860f3ccf00e56b5177604d4
SHA1

54057343d9a77e46df020916e8d3d3238ffabf25
SHA256

f1d8dbbae0ed6373fb55e70494a589addd469047e3a4388bd8d07b0472bbd47a
SHA512

0f9a8d10d8f60bd7a9b48c1d23c17aea10a546fcdabc77ed5b8a209ec228727a870db9b0e6a4a96ec6a0c614106a491a18d1e7cd7d01a023e6d4fea270fc7873
SSDEEP

1536:OkDro9Ash6VQZtlRtQlQ7pYw/zQymCJVVBZ9SZztEJe+9N+KZupBaY153u9Kwrp2:lDvsEU8lGpD/NZBZ9a3uN+zvx3YKZ

Score

8^/10

Malware Config

Targets

- Target
  
  GOLAYA-TOPLESS.exe
- Size
  
  180KB
- MD5
  
  69a9db2003415946eb1185c9ab4d6ca4
- SHA1
  
  a4e84147d24c578a9a0ac9b4b08815d45cf035c1
- SHA256
  
  39f420b486362ecca29eb4c068e665c2bd126f6f526049c26491539d1135582f
- SHA512
  
  2ddd0734c50bf4ecb5be23127e1354d641d78c49d4f20c703ef36621db6af9c1dcc2447f3d04527ea9fe56cdaf425c651b932139faed62537ceee3b662c14ad8
- SSDEEP
  
  3072:oBAp5XhKpN4eOyVTGfhEClj8jTk+0hN7+mYnhIAhyYwYs:fbXE9OiTGfhEClq9s+mYnhIAhyT
Score

8^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2