General
-
Target
Restr.com
-
Size
252KB
-
Sample
220315-jy3feaahdk
-
MD5
16959900ff34c0ba60fe2a4d9f1242c5
-
SHA1
888148f1b31355192e26ea4fc97c91f4c4defe9e
-
SHA256
0f4395c5cdee1c9fe28ef9a63355594f0f7a23aa41e52b8085a0bda8715da13f
-
SHA512
a2b7a74fdc6525c5b8ecafc66706136e1e3996e28ebb3b1d8e236b120e59f8c4e85165f385365d706a8391ae2a5f30530a086c7820e26d1a6cd2f19a44da5d54
Static task
static1
Behavioral task
behavioral1
Sample
Restr.exe
Resource
win7-20220310-en
Malware Config
Extracted
gozi_rm3
-
build
300994
Targets
-
-
Target
Restr.com
-
Size
252KB
-
MD5
16959900ff34c0ba60fe2a4d9f1242c5
-
SHA1
888148f1b31355192e26ea4fc97c91f4c4defe9e
-
SHA256
0f4395c5cdee1c9fe28ef9a63355594f0f7a23aa41e52b8085a0bda8715da13f
-
SHA512
a2b7a74fdc6525c5b8ecafc66706136e1e3996e28ebb3b1d8e236b120e59f8c4e85165f385365d706a8391ae2a5f30530a086c7820e26d1a6cd2f19a44da5d54
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Deletes itself
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Drops file in System32 directory
-