General
-
Target
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f
-
Size
376KB
-
Sample
221124-2dyktsgd4v
-
MD5
4165eb68c959487dad6ef02646aa29c3
-
SHA1
fb3afa14170009086adb3a8e48ccdc189908a324
-
SHA256
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f
-
SHA512
24942d6a4011bbea790872e56912b1855cc9e29c03bbb706ebc4c78a46d4a9bb4fa09f57683f347a273ca4e79e69b4f6c804904f4ed93fc564a860db2b07e339
-
SSDEEP
6144:qDf6Ygsvu1uyGSQlollY8DKc/qSUhosrLEV/V6r5:Mf6BsvmuzZGTDK2qS/yd
Static task
static1
Behavioral task
behavioral1
Sample
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
gozi
Extracted
gozi
2782923
tmadecorrespondence.com
-
exe_type
worker
Targets
-
-
Target
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f
-
Size
376KB
-
MD5
4165eb68c959487dad6ef02646aa29c3
-
SHA1
fb3afa14170009086adb3a8e48ccdc189908a324
-
SHA256
8cd8efad8c6d62328a95a2be9b7bf3977ffcc066dc8f82010bdd56a6d0d6d11f
-
SHA512
24942d6a4011bbea790872e56912b1855cc9e29c03bbb706ebc4c78a46d4a9bb4fa09f57683f347a273ca4e79e69b4f6c804904f4ed93fc564a860db2b07e339
-
SSDEEP
6144:qDf6Ygsvu1uyGSQlollY8DKc/qSUhosrLEV/V6r5:Mf6BsvmuzZGTDK2qS/yd
Score10/10-
Modifies Installed Components in the registry
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-