Overview

overview

8

Static

static

3

GOLAYA-SEXY.exe

windows7-x64

8

GOLAYA-SEXY.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9ee1287b18b3072da0c607954a647db

  • Size

    128KB

  • Sample

    240314-3p7hjscg23

  • MD5

    c9ee1287b18b3072da0c607954a647db

  • SHA1

    faac6c5e8e53ec574037b0845e13cc1cdfd1806a

  • SHA256

    a8e7c284ff281cfb887465da0073873a86562a90223ceb4afbad06d4edd2bf35

  • SHA512

    7b3a9f67a9e5104885d922547952baf4d92c95e9125451a147095dc9abb994285e8e19b9ec8826acc5f11c154fc1437b02364376c0db28f4f2bb8a59de8614a0

  • SSDEEP

    3072:npmgI3tG90HdQ3SqtHwamSx3F7IlyEyB0DPu+JIrVQB:paD9Q3TtHwamly8PuCIO

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-SEXY.exe

    • Size

      240KB

    • MD5

      934d29283079d878fae23838ff5d156b

    • SHA1

      773c0ba664625a4030af3b8ea321de5ee0e029c6

    • SHA256

      fe9d78c0c394e248da57fc5693fe5cb0a759489c93ae300adef582f1069413c6

    • SHA512

      d410f0196092ad17a00496a587cd135e610efd6af47091731be9040d9426e2d24641e5989dc753d4e9d7ba3f126f8f2ce467f006c303a659cfb8495c8c119fc2

    • SSDEEP

      3072:4BAp5XhKpN4eOyVTGfhEClj8jTk+0hnbGsthRX1Tr+Cgw5CKHe:vbXE9OiTGfhEClq9uLhjyJJUe

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks