Overview

overview

8

Static

static

3

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    0f06d1f9c51f72d4c1c3ebb4a3037dd2

  • Size

    132KB

  • Sample

    231230-ffnbzsafe5

  • MD5

    0f06d1f9c51f72d4c1c3ebb4a3037dd2

  • SHA1

    886fbc95b3a61fa39fb06d7fc3643de7508b5510

  • SHA256

    07859cc42c7c62cee53a80e079db6f18470526719aa4584e3f5001e2b1f3fb40

  • SHA512

    e14c59ca3e54d4ad86f7414c36b2856e99f5779db7db518924f8e97ea975f957a620be0a880d2db36fab8c4c7ee9cb30582f8c3a4abda5ac7d24787d78eeff58

  • SSDEEP

    3072:Qrz/BRgKl+bsTJbUeosb3WPIoSdJ64JbU:QP/BRgKwgNUtSWPIoSdw41U

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      238KB

    • MD5

      bd3875791f0a36ed9122352e1b4fe189

    • SHA1

      a3dff7bd641755b5c8b64c4aab59738ec3842d60

    • SHA256

      1973e4168c5aa035cdc9797ffdede9fac7e84064be5019f533a4ac3de2edef0f

    • SHA512

      1709eff81fc9ee3760f3d6128a228655cadd04144d1f877e2c0a04e6ce2215eeb6c2acebca02d741f3a6090a239f1f652547e4c3badcc99db64dc35a8379ff67

    • SSDEEP

      3072:tBAp5XhKpN4eOyVTGfhEClj8jTk+0hd255d5q5hQ2+Cgw5CKHm:obXE9OiTGfhEClq9uk5d5q5hQXJJUm

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks