General

  • Target: e9699a3042581b6c067bfe40acd9d5c6_JaffaCakes118
  • Size: 116KB
  • Sample: 240409-hs3zbacc8w
  • MD5: e9699a3042581b6c067bfe40acd9d5c6
  • SHA1: 0417bfcb142b5f0ddfb1c69053c793f6213cc553
  • SHA256: 2d3b9e20c3394c844bafd90436fe5f2b9f48f2db542ae1148d8d7902373f6358
  • SHA512: 0ae982a6554013ffd44ebe07ae436eb28cd7aab8475c94d5aff41e5dbaef97e4d1a2a87907e041d59ec2273597a5756c62827195bfd8307e7b9628fbccb3a652
  • SSDEEP: 3072:dsrbFcp/BRgCulI4whChfRSdsMJyNe/VlX8yxz:OrRcp/BRgCjfYfRSdsMJme/rs0z

Score: 8/10

Targets

    • Target: RUSSKAYA-GOLAYA.exe
    • Size: 210KB
    • MD5: 55c52c71c8a5b4b8f588a5f374efeffa
    • SHA1: 421f679f5b796d77f5bd785377f72e7e168e48de
    • SHA256: d0941243d0cf16809f7338045a08686deba40f0ea436fb11202595eb1b1d34ae
    • SHA512: b2394c9f0eeb3d71f67ffc724e36f03da1e303bbec469fdf8663d163f096fe2788e29e5c10f64a5f27e042d8d73a7afea1ac697bf38da1aae44f8b125a738264
    • SSDEEP: 3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0h8xwNhv4+Cgw5CKHG:TbXE9OiTGfhEClq9hwZJJUG

    Score: 8/10

    • Blocklisted process makes network request
    • Drops file in Drivers directory
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v15