Overview

overview

8

Static

static

3

GOLAYA-RUSSKAYA.exe

windows7-x64

8

GOLAYA-RUSSKAYA.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    ece0ffad1087cd04e5e8ee17d5ebf104_JaffaCakes118

  • Size

    79KB

  • Sample

    240411-h7kraahf5y

  • MD5

    ece0ffad1087cd04e5e8ee17d5ebf104

  • SHA1

    419a8e8a69b074d2dfc492a991d5d66b5de0dc9e

  • SHA256

    1d256912ca6569decd972173cc676c963b1dd60fd845941d1db355341d919da0

  • SHA512

    654fbe128b457fd2a8351ce293fb79defaa598bdfc4c4b1620343f856afbd95984c50062412fe57ac34710bcb68a7c32a6fb9946facee8d7524eca510e76f96a

  • SSDEEP

    1536:Tvg1WKQmK74VzprUxe7kvLSPkIJNE9sq0Qs07t+vhAUqHRKKXPTKFnmq/MH5YEAk:TvgEL7Yo4PkH9sIbMpAxQKXP+Fr/MHN7

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-RUSSKAYA.exe

    • Size

      180KB

    • MD5

      05dcabe4947ada380eb48cf90eb0aa6f

    • SHA1

      d11c9319a518ddc14dc62cc138d074b1d908c924

    • SHA256

      53b296ba46752bf57d298dfe5ba8b011574253199e57ffd8c8786bb16f642f49

    • SHA512

      a336ca962fe97f329fa6968e2532096a0051e5f124c20c7ba74d6688e5b15b2f34980b56f2b6f1e5ff3a53a05936510f22841279497ca50061e5c3fc55ea1614

    • SSDEEP

      3072:nBAp5XhKpN4eOyVTGfhEClj8jTk+0hJiH8ga2EPb9ePlO7/IQ1bvatjKv5sK2DdH:qbXE9OiTGfhEClq9j8ga2+b9ePlO7/IR

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks