General
Target: 1513b9c5388526ffd54d792940662c3657be4c88c996d5e8a5a00bef62d0e750
Size: 262KB
Sample: 221125-j7bdaadc69
MD5: eaaaeb6d2d4ff29de8538fa269764ee2
SHA1: 548f7d585e57479f7f9028586652182fd0c1eeec
SHA256: 1513b9c5388526ffd54d792940662c3657be4c88c996d5e8a5a00bef62d0e750
SHA512: d3cfccccef1f5d6af60aa52f72bfae861ddea939b8d93873dc6a9f417447dfc3155f931d5220606d5a090051aba8e1d8901be6166a18404ea5281aec562a4f86
SSDEEP: 6144:1CDPGMZNukyinobUk0zPLHPu3xLb4iJTC1srF:1AO4/yin9fPLQX4ku2r
Static task: static1
Behavioral task: behavioral1
Sample: 1513b9c5388526ffd54d792940662c3657be4c88c996d5e8a5a00bef62d0e750.exe
Resource: win7-20221111-en

Malware Config
Extracted: gozi
Extracted: gozi
- 1000
- goliathuz.com
- musicvideoporntip3s.ru
- exe_type: worker
Targets
Target: 1513b9c5388526ffd54d792940662c3657be4c88c996d5e8a5a00bef62d0e750
Size: 262KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.

- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext