General

  • Target

    02776946b4e09e8fe27e721cd3f822a3_JaffaCakes118

  • Size

    116KB

  • Sample

    240930-vzb6ds1brh

  • MD5

    02776946b4e09e8fe27e721cd3f822a3

  • SHA1

    4b8159d94bde31ca03693611ba956a6f9286d24b

  • SHA256

    c2ffc76233830a2b1e1482f7c13b67594ec18667a8f8ef184d0ff4070dc4fb33

  • SHA512

    192eb9edf4aa567716d7f878b5c0c17760ea5dd2903bef7c285b596ed2910b94ceb50ada9803e84ccb3bab09574086af9d2721170f01a4753438a213fc74e10b

  • SSDEEP

    3072:OsrbFcp/BRgCulI4whChfRSdsMJyNe/VlX8yxm:VrRcp/BRgCjfYfRSdsMJme/rs0m

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      210KB

    • MD5

      55c52c71c8a5b4b8f588a5f374efeffa

    • SHA1

      421f679f5b796d77f5bd785377f72e7e168e48de

    • SHA256

      d0941243d0cf16809f7338045a08686deba40f0ea436fb11202595eb1b1d34ae

    • SHA512

      b2394c9f0eeb3d71f67ffc724e36f03da1e303bbec469fdf8663d163f096fe2788e29e5c10f64a5f27e042d8d73a7afea1ac697bf38da1aae44f8b125a738264

    • SSDEEP

      3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0h8xwNhv4+Cgw5CKHG:TbXE9OiTGfhEClq9hwZJJUG

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks