General

  • Target

    bbc8d8846083c29de770cb8d39361ed9

  • Size

    88KB

  • Sample

    240308-vgq7lada6t

  • MD5

    bbc8d8846083c29de770cb8d39361ed9

  • SHA1

    271961d315b35afc7da0a36e8d945fdcdbf2b408

  • SHA256

    371f6413f2c30aa6512a4765792217e3bf4c5f5e444b17934dd13a4144faefa7

  • SHA512

    0511057b400b0258bb5b280d76584b54652c305b0d2858858ef00db622ee3308d09d984dcc12e202164aef3e714973501c75a01f3c5835bb7d870faab5e2bb2a

  • SSDEEP

    1536:WQwHfvMS0xcGxFyhQkrnb1Mq9Wb2A/Vpo45mBAc5/pGyUiE+eKV2GYSsSG1:WnHXMpxcGxFyhQ0bOqYqA/IAUAU/0yUB

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      180KB

    • MD5

      fdc849111653249dd6ebe00d6d293760

    • SHA1

      ece8bcb2bd22dfbe218e8c9104d2813bc624ec31

    • SHA256

      538b9ff9b6e06025b93fa25ebbf7d06f7280813b97e826b7413981ae543d7429

    • SHA512

      83e22626e4c46324d2d0cc60a545e4341123aeca1d96c9d23925e441cda137bfbb3ff463acba3514a896d9fb8851ffdf63248f628fed14e0df07b3e013c64866

    • SSDEEP

      3072:TBAp5XhKpN4eOyVTGfhEClj8jTk+0hg/eSZZvLf6CNsPrXJ8WYQKaLl:+bXE9OiTGfhEClq9vGSZZvLCCNsPrXJh

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check (the sample deciding whether to run based on the configured locale).
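The three signatures listed above are behavioural rules matched against the sandbox's event trace. The following is an added example, not the sandbox's own signature engine, showing how such rules can be expressed and run over a constructed trace. The registry values it treats as a "country code" lookup (Geo\Nation, Geo\Name and LocaleName under HKCU\Control Panel\International), the driver-directory path and the blocklist of process images are assumptions for this example; the report itself names none of them.

```python
"""Toy re-implementation of the three behavioural signatures listed in the report,
run over a constructed sandbox event trace. Added example code; the rule details
(registry values, paths, blocklist) are assumptions, not taken from the report."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Event:
    pid: int
    image: str      # image name of the process that performed the action
    kind: str       # "registry", "file_write" or "network"
    target: str     # registry value path, file path, or destination host:port


# Assumed registry values a country-code lookup ("Checks computer location settings")
# would read: the GEOID in Geo\Nation, the country name in Geo\Name, and LocaleName.
GEO_VALUE_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|Geo\\Name|LocaleName)$",
    re.IGNORECASE,
)

# "Drops file in Drivers directory": any file written under the kernel driver directory.
DRIVERS_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)

# "Blocklisted process makes network request": living-off-the-land binaries that rarely
# need outbound connections. This set is an assumption for the example.
BLOCKLISTED_IMAGES = {"powershell.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe", "certutil.exe"}


def checks_location(ev: Event) -> bool:
    return ev.kind == "registry" and GEO_VALUE_RE.search(ev.target) is not None


def drops_in_drivers(ev: Event) -> bool:
    return ev.kind == "file_write" and DRIVERS_DIR_RE.match(ev.target) is not None


def blocklisted_network(ev: Event) -> bool:
    return ev.kind == "network" and ev.image.lower() in BLOCKLISTED_IMAGES


SIGNATURES: Dict[str, Callable[[Event], bool]] = {
    "Checks computer location settings": checks_location,
    "Drops file in Drivers directory": drops_in_drivers,
    "Blocklisted process makes network request": blocklisted_network,
}


def evaluate(events: List[Event]) -> Dict[str, List[Event]]:
    """Return every signature that fired, with the events that triggered it."""
    hits: Dict[str, List[Event]] = {}
    for ev in events:
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed event trace (not from the report) using the target's file name as the image.
SAMPLE_EVENTS = [
    Event(1100, "PHOTO-GOLAYA.exe", "registry", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event(1100, "PHOTO-GOLAYA.exe", "registry", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1100, "PHOTO-GOLAYA.exe", "registry", r"HKCU\Control Panel\International\LocaleName"),
    Event(1100, "PHOTO-GOLAYA.exe", "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    Event(1100, "PHOTO-GOLAYA.exe", "file_write", r"C:\Users\user\AppData\Local\Temp\tmp1.dat"),
    Event(1180, "powershell.exe", "network", "203.0.113.10:443"),
    Event(1100, "PHOTO-GOLAYA.exe", "network", "203.0.113.10:443"),
]

if __name__ == "__main__":
    for name, evs in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for ev in evs:
            print(f"      pid={ev.pid} {ev.image}: {ev.target}")
```

Note that the direct connection by PHOTO-GOLAYA.exe itself does not trip the blocklist rule; only the child powershell.exe does, which is what the "blocklisted process" wording in the report describes.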

MITRE ATT&CK Enterprise v15

Tasks