General
Target: yA0A.tmp.bin.zip
Size: 84KB
Sample: 220407-3wa3xsbaar
MD5: 43f48b9407bd4e67f5f20e7e679ba193
SHA1: 84bc285f4584f7cc6f0c966d19e2bf8f97820e04
SHA256: dedd163599da14f5c9082a6611c08342d9b68681f770b4e083ed4f513b215420
SHA512: 69ba3904f18316b6f452592ace0670bc2df6cf00f025fbe35d57d1e5c3fde06716b23c036b9ad0b71bcb2202d67e516222768078d6e150bd33ab7752f4d52d79
Static task: static1
Behavioral task: behavioral1
Sample: yA0A.tmp.dll
Resource: win7-20220331-en
Malware Config
Extracted
gozi_rm3
build: 300994
Targets
Target: yA0A.tmp.bin
Size: 151KB
MD5: 55ab2f304f8c2da30aeee7713a95064d
SHA1: aae939cf3995905399e427097fc90c5b62f3d4c3
SHA256: 41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547
SHA512: 08bbf78b4154f725399055dfb8a4338ce873297af847a5e30c8b6708e44feeae071fbf7efff9ff2c0b397fdffec5ca52a9591f742092a8f50287e54ce89307d3
Uses Tor communications: Malware can proxy its traffic through Tor for more anonymity.
Drops file in System32 directory