General

Target: a9ffaed3f7276ab6d8472dc457a8d11698426da23d070d9651ce247f9eb33755
Size: 493KB
Sample: 221108-hydxdafbar
MD5: 02e4f7328ea0d24c85becbe13c13bacf
SHA1: 5534138034a0e0eb0a183ec6143a6762cc27c4f9
SHA256: a9ffaed3f7276ab6d8472dc457a8d11698426da23d070d9651ce247f9eb33755
SHA512: d3db4ce11c19cce9cbf26624b865e729e6c00be4c1f32a3cb3e925a870b8e168d507f0d173e5996490316a4b720cf9dbc613f7668bf345a13b1225bbb64b3990
SSDEEP: 6144:AseFPcfIB+6+AVbYXkbv7xxfC0Gwxbr6hYYJu:/ChB+YVbYUbjxx60b
Static task: static1
Behavioral task: behavioral1
Sample: a9ffaed3f7276ab6d8472dc457a8d11698426da23d070d9651ce247f9eb33755.exe
Resource: win7-20220812-en
Malware Config

Extracted: gozi
Botnet: 1010
C2:
- diuolirt.at
- deopliazae.at
- nifredao.com
- filokiyurt.at
exe_type: worker
server_id: 12
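The following is an added example, not part of the sandbox report or of any tooling the report describes. It takes the C2 domains and file hashes extracted above and matches them against log lines and file contents, the way a responder would turn this report into a detection. The DNS log layout ("<timestamp> <host> query <type> <qname>") and the log lines themselves are constructed for the example; only the domains and hashes come from the report. The domain check compares whole label suffixes rather than substrings, so a lookalike such as nifredao.com.evil.test does not produce a false hit.

```python
# Added example (not from the sandbox report): match the extracted Gozi IoCs
# against DNS log lines and file contents.
import hashlib
import re

# IoCs copied from the report above.
C2_DOMAINS = {"diuolirt.at", "deopliazae.at", "nifredao.com", "filokiyurt.at"}
SAMPLE_HASHES = {
    "md5": "02e4f7328ea0d24c85becbe13c13bacf",
    "sha1": "5534138034a0e0eb0a183ec6143a6762cc27c4f9",
    "sha256": "a9ffaed3f7276ab6d8472dc457a8d11698426da23d070d9651ce247f9eb33755",
}

# Constructed DNS query log; the "<ts> <host> query <type> <qname>" layout is
# an assumption made for this example, not a format named in the report.
SAMPLE_DNS_LOG = """\
2022-11-08T10:01:02Z ws01 query A www.example.com
2022-11-08T10:01:05Z ws01 query A nifredao.com
2022-11-08T10:01:07Z ws02 query A nifredao.com.evil.test
2022-11-08T10:02:11Z ws03 query A cfg.filokiyurt.at.
"""

QUERY_RE = re.compile(r"\bquery\s+\S+\s+(\S+)")


def domain_matches(qname: str, blocklist: set[str]) -> bool:
    """True if qname equals a blocklisted domain or is a subdomain of one.

    Whole label suffixes are compared, so "nifredao.com.evil.test" does not
    match "nifredao.com" the way a naive substring search would.
    """
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_c2_queries(log_text: str, blocklist: set[str] = C2_DOMAINS) -> list[str]:
    """Return the log lines whose queried name hits the C2 blocklist."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group(1), blocklist):
            hits.append(line)
    return hits


def hash_matches(data: bytes, known: dict[str, str] = SAMPLE_HASHES) -> set[str]:
    """Return the names of the algorithms whose digest of data equals a known IoC."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name for name, h in digests.items() if known.get(name) == h}


if __name__ == "__main__":
    for line in find_c2_queries(SAMPLE_DNS_LOG):
        print("C2 lookup:", line)
    # Placeholder bytes, not the sample: no digest will match.
    print("hash match on placeholder bytes:", hash_matches(b"not the sample"))
```

To use this against a real file, read its bytes and pass them to hash_matches; a non-empty result means the file is the sample from this report (or an MD5/SHA1 collision, which is why the SHA256 entry is the one to trust).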
Targets

Target: a9ffaed3f7276ab6d8472dc457a8d11698426da23d070d9651ce247f9eb33755
- Executes dropped EXE
- Checks computer location settings: reads the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application (persistence via a Run registry key)
- Suspicious use of SetThreadContext (typical of process injection or hollowing)