General
-
Target
main.exe
-
Size
37KB
-
Sample
221116-bgm1dsce6y
-
MD5
9676298f24c8cdd4b532ac027a00f60e
-
SHA1
8d0bd57712533f1a889627706925c17ed4347ce5
-
SHA256
0f5cce66023859e9d7e3f54b78e95bf09618db5ed01fe05b765d76ab156271da
-
SHA512
525b70896530a60cf58de64e8052ef2a8eb5ccc73d86fcd1f55d4850e682e3ff44c7ebc18ab029fc479b75a9a0083765c314c542b356d7ef8a7e7e493f13e7fd
-
SSDEEP
768:/QLm41fM01vAqyRrlpItKFyr8MS1g7/s1w70anLq:/L41fMSvXArbYVrO0/saLq
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20221111-en
Malware Config
Extracted
gozi
Extracted
gozi
5
lentaphoto.at
iujdhsndjfks.ru
gameindikdowd.ru
jhgfdlkjhaoiu.su
-
base_path
/uploaded/
-
build
250246
-
exe_type
loader
-
extension
.pct
-
server_id
50
Extracted
gozi
5
lentaphoto.at
iujdhsndjfks.ru
gameindikdowd.ru
jhgfdlkjhaoiu.su
-
base_path
/uploaded/
-
build
250246
-
exe_type
worker
-
extension
.pct
-
server_id
50
Targets
-
-
Target
main.exe
-
Size
37KB
-
MD5
9676298f24c8cdd4b532ac027a00f60e
-
SHA1
8d0bd57712533f1a889627706925c17ed4347ce5
-
SHA256
0f5cce66023859e9d7e3f54b78e95bf09618db5ed01fe05b765d76ab156271da
-
SHA512
525b70896530a60cf58de64e8052ef2a8eb5ccc73d86fcd1f55d4850e682e3ff44c7ebc18ab029fc479b75a9a0083765c314c542b356d7ef8a7e7e493f13e7fd
-
SSDEEP
768:/QLm41fM01vAqyRrlpItKFyr8MS1g7/s1w70anLq:/L41fMSvXArbYVrO0/saLq
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-