General
Target: fc7ba1d4f3c922bb95e1c80c65c3a4de6564f19379e28b287808e4f4c5ea36f9
Size: 348KB
Sample: 221125-23vv8sge5t
MD5: 40cd2fec7ef2cada01d56afbae18015b
SHA1: 512de247dbceb55babbf55e9d0945810f389674d
SHA256: fc7ba1d4f3c922bb95e1c80c65c3a4de6564f19379e28b287808e4f4c5ea36f9
SHA512: 9af87fcd4a625ba6d86dd3211b5bcfaab6eef3d5e013e0be179ed1021dffcfe9cf2720127a8466e1d1f7391c227397f31fc5cbb9369443fe1c8f7168d7b623fc
SSDEEP: 6144:N4e0DLTDAOtoPvUHxXhDOOq/GS86H8jZ3alw5ZuMdRdEx7RzrgM:ueOL/36vwXIOq/GVdGw5QMNk71z
Static task: static1
Behavioral task: behavioral1
  Sample: fc7ba1d4f3c922bb95e1c80c65c3a4de6564f19379e28b287808e4f4c5ea36f9.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: fc7ba1d4f3c922bb95e1c80c65c3a4de6564f19379e28b287808e4f4c5ea36f9.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: gozi
  1012
  lolila.net
  vndjtu968488.ru
  moriyurw368798.ru
  build: 213459
  exe_type: worker
Targets
Target: fc7ba1d4f3c922bb95e1c80c65c3a4de6564f19379e28b287808e4f4c5ea36f9
Score: 10/10
- Modifies Installed Components in the registry
- Deletes itself
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext