General

  • Target

    c4b52b5a2e568e98c155a09a8a0f8471

  • Size

    107KB

  • Sample

    240313-cmkynahh6v

  • MD5

    c4b52b5a2e568e98c155a09a8a0f8471

  • SHA1

    f0e346888ea5c6aa516e14792ccbb207032e4a5d

  • SHA256

    c848d3216ae60f2898e934dd62959795db8cd6d425b62aa3364424041ef79a8d

  • SHA512

    8eacb544e7dab12cf6c08f848a2f81aad58ed3507f1d0843e2fea3700f65aee640860802eb225191077e5c21a4469a56d9284b5a2d75602c8e18185cf4d52376

  • SSDEEP

    3072:nO9dhLlTfMl7CLmiLhiO3jMVe/O0P06bchuM:OJhiCkO3jMVcP06ohJ

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      203KB

    • MD5

      ddc256f409bf0b8e9647497da0c02077

    • SHA1

      5f17007371a209876bec6e467fbbab7634cb93b6

    • SHA256

      5114a34a00f9cb4273df0778733e2ffb006f74a065ecc0e82311f6ceb8bd2e09

    • SHA512

      d4d10039597dcdde99d8b25e4c5bcaad7514dc54f2296220e7fd108e02030b926943f53d2c622f8212340f48c9568dc000432a8ab83052c64c15c3bcfc4eed12

    • SSDEEP

      3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hJ8D4RD0c0rpOdt/46KC5NV/2iBY:WbXE9OiTGfhEClq9YKXcP7/UCpS

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

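The three behaviours above are the sandbox's signature names. As an added example (not the sandbox's or the sample's code), the script below shows how the same checks can be expressed over a process-monitor style event log. The `pid|process|operation|target` line format, the sample events and the network blocklist are all constructed here for illustration; that the location check reads `HKCU\Control Panel\International\Geo\Nation` is an assumption, since the report names no key.

```python
import re
from dataclasses import dataclass

# Assumption: the location check reads the country code stored under
# HKCU\Control Panel\International\Geo\Nation. The report names no key.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# System driver store; a user-mode installer writing here is unusual.
DRIVERS_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
# Constructed blocklist of processes that should not initiate connections.
NETWORK_BLOCKLIST = {"golaya-babe.exe", "regsvr32.exe", "mshta.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    detail: str


def parse_event(line):
    """Parse one 'pid|process|operation|target' line; None if malformed."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4:
        return None
    pid, process, op, target = parts
    return {"pid": pid, "process": process, "op": op, "target": target}


def classify(ev):
    """Return the rule name an event triggers, or None."""
    proc = ev["process"].lower()
    op, target = ev["op"], ev["target"]
    if op == "RegQueryValue" and GEO_NATION_RE.search(target):
        return "checks_computer_location"
    if op in ("CreateFile", "WriteFile") and DRIVERS_DIR_RE.match(target):
        return "drops_file_in_drivers_dir"
    if op == "NetConnect" and proc in NETWORK_BLOCKLIST:
        return "blocklisted_process_network_request"
    return None


def triage(lines):
    """Return one Finding per (rule, process, target), deduplicated in order."""
    seen = set()
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed lines rather than abort the run
        rule = classify(ev)
        if rule is None:
            continue
        f = Finding(rule, ev["process"], ev["target"])
        if f not in seen:
            seen.add(f)
            findings.append(f)
    return findings


# Constructed sample events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    "1204|GOLAYA-BABE.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation",
    "1204|GOLAYA-BABE.exe|RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "1204|GOLAYA-BABE.exe|CreateFile|C:\\Windows\\System32\\drivers\\update.sys",
    "1204|GOLAYA-BABE.exe|CreateFile|C:\\Windows\\System32\\drivers\\update.sys",
    "1204|GOLAYA-BABE.exe|CreateFile|C:\\Users\\user\\AppData\\Local\\Temp\\x.tmp",
    "3310|regsvr32.exe|NetConnect|203.0.113.10:443",
    "880|svchost.exe|NetConnect|203.0.113.10:443",
    "garbage line",
]


def rules_hit(lines=SAMPLE_EVENTS):
    """Distinct rule names triggered, in first-seen order."""
    out = []
    for f in triage(lines):
        if f.rule not in out:
            out.append(f.rule)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule:40} {f.process:18} {f.detail}")
```

The blocklist approach is deliberately conservative: `svchost.exe` connecting out is noise on any Windows host, so only processes that have no legitimate reason to open sockets are flagged, which is why a signature of this kind carries weight in the score while a generic "makes network request" would not.
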
MITRE ATT&CK Enterprise v15

Tasks