General
Target
bf77a675ea62c179e0ea28567bef6b010a604144acbcccaadfccb28dd7ba95b4
Size
328KB
Sample
221125-3f5mlahf2s
MD5
9362eacaddec77615f128fb7a27c28f7
SHA1
3f406c83d76cda76e30615cc148f4c53e5a2b4cb
SHA256
bf77a675ea62c179e0ea28567bef6b010a604144acbcccaadfccb28dd7ba95b4
SHA512
72029194b8fd428057e981ace0645f9f5bdf360a6ee52df71601a28aaa093b86226b6e118209f177d2ebac939bd20977660afaca2634c07c155f751cd834e22b
SSDEEP
6144:BL2gpLRGTHy3D9Kq0q5q2QcZt6p1jCTJHhK8fOk:/AHyhKJP/1mTJ481
Static task
static1
Behavioral task
behavioral1
Sample
bf77a675ea62c179e0ea28567bef6b010a604144acbcccaadfccb28dd7ba95b4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bf77a675ea62c179e0ea28567bef6b010a604144acbcccaadfccb28dd7ba95b4.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
gozi
1012
lolila.net
vndjtu968488.ru
moriyurw368798.ru
build
213425
exe_type
worker
Targets
Score
10/10
Modifies Installed Components in the registry
Deletes itself
Adds Run key to start application
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext