General

  • Target

    c34a386f034dc81e2045eb280cfdafe6

  • Size

    80KB

  • Sample

    240312-nzqv8aaa33

  • MD5

    c34a386f034dc81e2045eb280cfdafe6

  • SHA1

    c1f712b777b7e77cd3935b47864f943255a0a4b5

  • SHA256

    c5faca07c76a6e75c04057d6e155fa436b7515a0bad1b7c77011a6d67dd3c2ba

  • SHA512

    b57cc22a04fe967b26bd5a659a983333b18dede9491418ec779fc43b35eedd095ace91d21d4aad1a153ccbfe39f8e15e47a22aecf26e6c8345a8f6517b70a5b7

  • SSDEEP

    1536:/kDro9Ash6VQZtlRtQlQ7pYw/zQymCJVVBZ9SZztEJe+9N+KZupBaY153u9Kwrpu:MDvsEU8lGpD/NZBZ9a3uN+zvx3YK9

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      180KB

    • MD5

      69a9db2003415946eb1185c9ab4d6ca4

    • SHA1

      a4e84147d24c578a9a0ac9b4b08815d45cf035c1

    • SHA256

      39f420b486362ecca29eb4c068e665c2bd126f6f526049c26491539d1135582f

    • SHA512

      2ddd0734c50bf4ecb5be23127e1354d641d78c49d4f20c703ef36621db6af9c1dcc2447f3d04527ea9fe56cdaf425c651b932139faed62537ceee3b662c14ad8

    • SSDEEP

      3072:oBAp5XhKpN4eOyVTGfhEClj8jTk+0hN7+mYnhIAhyYwYs:fbXE9OiTGfhEClq9s+mYnhIAhyT

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check (the sample decides whether to continue based on the configured region).
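The "checks computer location settings" signature above is a behavioural match on registry reads. As an added example (not the sandbox's own signature logic and not code from the sample), the script below correlates RegOpenKeyEx/RegQueryValueEx calls in an API-call trace by process and handle and reports reads of the configured country. The trace lines are constructed to resemble a sandbox API log; the registry path is an assumption: on Windows the configured GeoID lives under HKCU\Control Panel\International\Geo, value "Nation" (decimal GeoID), with "Name" (ISO 3166 code) on newer builds.

```python
import re
from dataclasses import dataclass

# Assumed location: HKCU\Control Panel\International\Geo holds the configured
# country. "Nation" is the Windows GeoID (decimal string); "Name" is the
# ISO 3166 alpha-2 code on newer Windows builds.
GEO_KEY = r"control panel\international\geo"
GEO_VALUES = {"nation", "name"}

# Constructed trace format (not a real sandbox's syntax):
#   pid=<n> RegOpenKeyExW(<root>, "<subkey>") -> handle=0x..
#   pid=<n> RegQueryValueExW(handle=0x.., "<value>") -> data=".."
#   pid=<n> RegCloseKey(handle=0x..)
OPEN_RE = re.compile(
    r'pid=(?P<pid>\d+)\s+RegOpenKeyEx[AW]\((?P<root>\w+),\s*"(?P<subkey>[^"]*)"\)'
    r'\s*->\s*handle=(?P<handle>0x[0-9a-f]+)', re.I)
QUERY_RE = re.compile(
    r'pid=(?P<pid>\d+)\s+RegQueryValueEx[AW]\(handle=(?P<handle>0x[0-9a-f]+),'
    r'\s*"(?P<value>[^"]*)"\)\s*->\s*data="(?P<data>[^"]*)"', re.I)
CLOSE_RE = re.compile(
    r'pid=(?P<pid>\d+)\s+RegCloseKey\(handle=(?P<handle>0x[0-9a-f]+)\)', re.I)


@dataclass
class LocationCheck:
    pid: int
    key: str
    value: str
    data: str


def find_location_checks(lines):
    """Walk the trace once, tracking open registry handles per (pid, handle),
    and return every read of a country value under the Geo key.

    Handles are dropped on RegCloseKey so a reused handle number (common in
    real traces) is not attributed to a key that is no longer open."""
    open_handles = {}  # (pid, handle) -> full key path
    hits = []
    for line in lines:
        m = OPEN_RE.search(line)
        if m:
            full_key = f'{m["root"]}\\{m["subkey"]}'
            open_handles[(int(m["pid"]), m["handle"].lower())] = full_key
            continue
        m = QUERY_RE.search(line)
        if m:
            key = open_handles.get((int(m["pid"]), m["handle"].lower()))
            if (key and key.lower().rstrip("\\").endswith(GEO_KEY)
                    and m["value"].lower() in GEO_VALUES):
                hits.append(LocationCheck(int(m["pid"]), key, m["value"], m["data"]))
            continue
        m = CLOSE_RE.search(line)
        if m:
            open_handles.pop((int(m["pid"]), m["handle"].lower()), None)
    return hits


# Constructed sample trace: a Run-key probe, the Geo lookup (reusing handle
# 0x1a0 after the earlier key was closed), and an unrelated hostname read.
SAMPLE_TRACE = [
    r'pid=2816 RegOpenKeyExW(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run") -> handle=0x1a0',
    r'pid=2816 RegQueryValueExW(handle=0x1a0, "Updater") -> data=""',
    r'pid=2816 RegCloseKey(handle=0x1a0)',
    r'pid=2816 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo") -> handle=0x1a0',
    r'pid=2816 RegQueryValueExW(handle=0x1a0, "Nation") -> data="203"',
    r'pid=2816 RegCloseKey(handle=0x1a0)',
    r'pid=3104 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters") -> handle=0x1b4',
    r'pid=3104 RegQueryValueExW(handle=0x1b4, "Hostname") -> data="DESKTOP-1"',
]

if __name__ == "__main__":
    for hit in find_location_checks(SAMPLE_TRACE):
        print(f"Checks computer location settings: pid {hit.pid} read "
              f"{hit.key}\\{hit.value} = {hit.data!r}")
```

Correlating by handle rather than grepping for the string "Geo" matters because the value name ("Nation") carries no hint of location on its own, and because handle numbers are recycled as soon as a key is closed. Turning a raw GeoID into a decision (continue or exit) is the sample's business; this script only surfaces that the lookup happened.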

MITRE ATT&CK Enterprise v15

Tasks