General

  • Target

    e0eda2480d8ca9f18326c41a008f7e1f

  • Size

    84KB

  • Sample

    240327-gmq7wsha8x

  • MD5

    e0eda2480d8ca9f18326c41a008f7e1f

  • SHA1

    76fd5750c43a10d124110313b5a762b0d1096c6d

  • SHA256

    ac14be38fa619f555654fcd2843a1b9ca58298deb63bd35e1e74950cd9641d1c

  • SHA512

    f696eb733fe0ccf8074c11404b438fa0fa1704a3ba8814f5ae9e3d41daac84d8ab3c4df75594e7382c6495511dbf6a719556cb3a7a584d07f5a04d0995f153c7

  • SSDEEP

    1536:vQWQFGFI/PvgCRN59/iZCNfInuWUZGHVKDPfepBQzb7Ld4o6gF/KosP:Yrz/BRgsNfOPZI20HLdFSo6

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-SEXY.exe

    • Size

      180KB

    • MD5

      54fa63539b7dd53f6471ed6c74441a3c

    • SHA1

      c543a83a98e75898d68c27cdad0af7488285bb20

    • SHA256

      3503d7b765ab1715094a62e292fe214325e5e9875058e54df2aeecc402bb5b4e

    • SHA512

      66d48398c3862cc20b33db9d3957ff6ac981c968d309d14e5b8cc38e8728b64b9443a51ae296c694c7cea98639b82a7d10359886b2830004582128d3e6119eb4

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hUysEzQsFgS9BA/y:AbXE9OiTGfhEClq9MsEzQsFgSd

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks