General
Target
05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36
-
Size
386KB
-
Sample
221126-s7c2jshf5z
-
MD5
6fa26b5a051dfd46f88b7afd8a3cca2f
-
SHA1
da72c68b166bb625155f45fa384f751221dcf83f
-
SHA256
05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36
-
SHA512
35a0a1ed114891bc9906ed17b42c62cab234ee873425357ae8750807b15d24635cb170f430fb321d52ed0f98d34c8040c6f2ac732d3e866eeec4c8ff18ba956f
-
SSDEEP
6144:x3rdqFza2ihKec2XddzyXThYxoM3pYdW1G0musNy2u5pndAj:xRya2P2XbzyXlY+M3WdW1XLsNy2iAj
Static task
static1
Behavioral task
behavioral1
Sample
05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36.exe
Resource
win7-20221111-en
Malware Config
Extracted
Family
gozi
Botnet
1010
C2
neftinetinebudet.net/geodata/version/ip2ext
staticstoday.com/geodata/version/ip2ext
Attributes
-
build
212436
-
exe_type
worker
-
server_id
30
Targets
-
Target
05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Deletes itself
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
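Turning the report's indicators into a host-telemetry hunt, as an added example that is not part of the sandbox output above. The C2 hosts and file hashes are taken from the report; everything else is assumed for illustration: the simplified one-JSON-object-per-line event schema (event, image, op, target, query, md5/sha1/sha256), the exact registry paths used to approximate the "Adds Run key" and "Checks computer location settings" signatures, and the sample log lines themselves, which are constructed and not real sandbox or EDR output.

```python
"""Hunt host telemetry for the indicators in the sandbox report above.

Added example; not part of the original report. IOCs (C2 hosts, hashes) come
from the report. The JSON event schema and the log lines in SAMPLE_LOG are
constructed for illustration, not real sandbox or EDR output.
"""
import json
import re

# Indicators lifted from the report's extracted Gozi config and hash block.
C2_HOSTS = {"neftinetinebudet.net", "staticstoday.com"}
KNOWN_HASHES = {
    "md5": "6fa26b5a051dfd46f88b7afd8a3cca2f",
    "sha1": "da72c68b166bb625155f45fa384f751221dcf83f",
    "sha256": "05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36",
}

# Behavioural checks mirroring the report's signatures. The registry paths are
# assumptions about what "Adds Run key" and "Checks computer location settings"
# correspond to in telemetry; adjust them to your own event source.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(\\|$)", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def classify(ev):
    """Return a list of (rule, detail) hits for one parsed event dict."""
    hits = []
    kind = ev.get("event")
    op = ev.get("op")
    target = ev.get("target", "")
    if kind == "dns":
        # Match the C2 host itself and any subdomain of it; strip a trailing dot.
        host = ev.get("query", "").lower().rstrip(".")
        if host in C2_HOSTS or any(host.endswith("." + h) for h in C2_HOSTS):
            hits.append(("gozi_c2_dns", host))
    elif kind == "process":
        for alg, value in KNOWN_HASHES.items():
            if ev.get(alg, "").lower() == value:
                hits.append(("gozi_sample_hash", alg))
                break
    elif kind == "registry":
        if op == "set" and RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", target))
        if op == "query" and GEO_KEY_RE.search(target):
            hits.append(("geo_check", target))
    elif kind == "file":
        if op == "create" and SYSTEM32_RE.match(target):
            hits.append(("system32_drop", target))
    return hits


def hunt(lines):
    """Parse one JSON event per line and collect rule hits with line numbers.

    Blank or unparseable lines are skipped rather than aborting the hunt."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for rule, detail in classify(ev):
            findings.append({"line": n, "rule": rule, "detail": detail,
                             "image": ev.get("image")})
    return findings


# Constructed sample telemetry (NOT from the report), roughly following the
# behaviours the report lists, plus two benign events and one garbage line.
SAMPLE_LOG = r"""
{"event":"process","image":"C:\\Users\\user\\Desktop\\sample.exe","sha256":"05ee1eca0bc8ac75f287f6e4f9d813822147af9b4ff0f050e9574c884f8a5f36"}
{"event":"registry","image":"C:\\Users\\user\\Desktop\\sample.exe","op":"query","target":"HKCU\\Control Panel\\International\\Geo\\Nation"}
{"event":"registry","image":"C:\\Users\\user\\Desktop\\sample.exe","op":"set","target":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"}
{"event":"file","image":"C:\\Users\\user\\Desktop\\sample.exe","op":"create","target":"C:\\Windows\\System32\\x.tmp"}
{"event":"dns","image":"C:\\Users\\user\\Desktop\\sample.exe","query":"staticstoday.com"}
{"event":"dns","image":"C:\\Windows\\System32\\svchost.exe","query":"example.com"}
{"event":"registry","image":"C:\\Windows\\explorer.exe","op":"set","target":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"}
not json at all
"""


def run_sample():
    """Run the hunt over the constructed sample log."""
    return hunt(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in run_sample():
        print(f"line {f['line']}: {f['rule']} <- {f['detail']} ({f['image']})")
```

Hash and DNS matches are high-confidence because they come straight from the extracted config; the Run-key, System32-drop and locale-lookup rules are behavioural and will fire on legitimate software too, so treat them as corroborating context around a hash or C2 hit rather than as stand-alone alerts.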