General

  • Target

    fd8a029d0654c92453f086179934bccc_JaffaCakes118

  • Size

    99KB

  • Sample

    240420-yv2r2agf78

  • MD5

    fd8a029d0654c92453f086179934bccc

  • SHA1

    a2d37d970b906668979fc3bbd94d6377eedcb90b

  • SHA256

    fbf7f71b8ad08854d23f8b38c542f9ff1f78d8ed61f87c8c1d5c5cd3a5858bad

  • SHA512

    d1d0e618b9ea0258328832b1e5f1853010b6c8ef7e3d84572f11eeaedd1aca0faccd4d0a73139bbb3eadce7dd52184ab0ea6c4d0ed63a5f09f1b2f9265b9d5df

  • SSDEEP

    1536:bQ47WXxcGxFz2SPkIJNE9SnblzDaJ/BNv205NBCd91dJnysGKd+gqYfMazh:847excGxFLPkH9SnbZDaPVC7smpfMc

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      149KB

    • MD5

      977c93c6bc8681e1c6f4957be7346fb3

    • SHA1

      d6dd40443ab855f7723163573a99d2073f3e5ab7

    • SHA256

      49ad394c9e66be0dbdbb2f39ae0dec9d73524c5adcfa0b2ab42a5c9f021c860a

    • SHA512

      43a35a1cd5b232c1c905c0d99b837cd0cb62da18fd2f347ca19ca93ae0a0f00156f16ae105e4f26190008d791535d76960c3c5e7b3090316c33a9364147e4158

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hizJREUzffMe:AbXE9OiTGfhEClq9XKUbMe

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks