General

  • Target

    fa8bc1ffff7ae4ac60b6bc479d5fe2cb_JaffaCakes118

  • Size

    85KB

  • Sample

    240419-sada2sga8w

  • MD5

    fa8bc1ffff7ae4ac60b6bc479d5fe2cb

  • SHA1

    031a91fd188c8291aa41eaa934a17a853ca47264

  • SHA256

    2e99f697492451d09fbb9ce85b31a626cad49942ca70db30ef858b63329c63d5

  • SHA512

    8de0476c37c9d92c69501e682b22df7566f4063953b0e4ead7be39e9fe97b5d2047a900c5980d38f74e53228d2ab6963e3ea82c100275be6039d7434b53b39ed

  • SSDEEP

    1536:vQwHfvMS0xcGxFyhQkrnb1Mq9WbYdpA+UD5Xb+xzzlgVrOre4pUi8OgDg:vnHXMpxcGxFyhQ0bOqYM7TU5b+dp2rCf

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-BABE.exe

    • Size

      181KB

    • MD5

      fa74fb27d2cd5d0ebfce9d301c3ef918

    • SHA1

      610c05cf48359612b4e766a409cfcb5d56d43bf6

    • SHA256

      d607b0c6c9e1e2d323ae1c598f31c440b5d972878614bfa8ae4786bd8834ce1d

    • SHA512

      df9e3b4b8d5cc65462d329422ff260ddea1a0c73a38d94059387aabfd1b31919ab47aee369150192ebb6edaff10c478d316d583039f74d655cfda152848883fb

    • SSDEEP

      3072:NBAp5XhKpN4eOyVTGfhEClj8jTk+0hfAWFmEeQqqqqqqqqoX:IbXE9OiTGfhEClq9K9Q

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks