Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cbbb7e497adc12a0e7147091fed6db0

  • Size

    121KB

  • Sample

    231230-z5hycaaegl

  • MD5

    1cbbb7e497adc12a0e7147091fed6db0

  • SHA1

    64c51e524cbda316e4afc6e34bbe9c1653e9ad23

  • SHA256

    2753db20603182350e9575f2d0f80a7bc2a0e23e8f61cc9f4fa0f40b4c8bea19

  • SHA512

    213598343b6eada79bcdcc2838bc9be9d3fad3c3e38b1aaf3bccdafc106a30c28b282e761793563b48107b10b210004de7d4e3d463d80644e5728f52ce120c86

  • SSDEEP

    3072:MvgEL7Yo4PkH9sIbjF+bUl7UrtvgW3EcUJr+s2d7F7n:MvgEPYo4PkrM4lwFW3ctn

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      239KB

    • MD5

      d141270ed4ca25be1fd7cd61f1d91f1a

    • SHA1

      b5860a78425caa29e00f575de4bcf8dc3314e966

    • SHA256

      eeb248baee68277a58652fa4a8a5c55357027be32389f6fd01c73bc4c3a1b8fd

    • SHA512

      510814a7ad4416d39372f347b774cb7170900a7fc6e7eb07f84212f861a586b406964f3599bd3533a9884c891fc75335eb7daaa562fe1e60ef2f3b7a7f85b110

    • SSDEEP

      6144:dbXE9OiTGfhEClq9npor2Iw7Wuq1IOlWJJUK:NU9XiuiSoTlc

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks