General
Target: 5bfbaec3160bba09e7fa6ca1fdd67dad2041961ae7ca906796e6eb276be50fec
Size: 318KB
Sample: 221127-a7eahagf64
MD5: 5fe27637b35d10ed04e7f68378ad01bb
SHA1: e61f046a805150a614d1be3ba1cdcadb2aff3685
SHA256: 5bfbaec3160bba09e7fa6ca1fdd67dad2041961ae7ca906796e6eb276be50fec
SHA512: aac461cb9304ecbd8c31ec6be1697cbd192431019e37574a60f721e0d8ed7378763e7f6803a3de005795101402ce3946bd883797f8f750a5d984478d95dd85de
SSDEEP: 6144:ObVgVHI0hNMUSvvFb/ZZiBK4MFImGK+GGy7eVkHGKlHMLFFKbfpQp0fc:O4IihMFbETdfGGytHQKbhQGfc
Static task: static1
Behavioral task: behavioral1
Sample: 5bfbaec3160bba09e7fa6ca1fdd67dad2041961ae7ca906796e6eb276be50fec.exe
Resource: win7-20221111-en
Malware Config
Extracted: gozi (1010)
C2 URLs (as configured, no scheme):
- superstatic.net/geodata/version/ip2ext
- statisticaup.net/geodata/version/ip2ext
- staticago.com/geodata/version/ip2ext
- supportsstats.com/geodata/version/ip2ext
Attributes:
- build: 212554
- exe_type: worker
- server_id: 30
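The four C2 entries above are the actionable part of this report. The following is an added example, not part of the sandbox output: it turns the extracted URL list into Suricata rules and runs a simple matcher over proxy log lines. The log lines and their one-line format (timestamp, client, method, URL, status) are constructed for the example, the rule syntax assumes Suricata 5 or later (http.host / http.uri sticky buffers, startswith), and the configured path is treated as a prefix rather than an exact match because ISFB beacons append request-specific data after the configured path.

```python
"""IOC matcher for the Gozi C2 list extracted above (added example)."""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as the report lists them (no scheme).
GOZI_C2_URLS = [
    "superstatic.net/geodata/version/ip2ext",
    "statisticaup.net/geodata/version/ip2ext",
    "staticago.com/geodata/version/ip2ext",
    "supportsstats.com/geodata/version/ip2ext",
]


def split_c2(url):
    """Return (host, path) for a scheme-less config URL."""
    parts = urlsplit("http://" + url)
    return parts.hostname.lower(), parts.path


def suricata_rules(urls, sid_start=9000001):
    """One alert per C2 entry (Suricata 5+ syntax). The path is matched
    as a prefix because the beacon appends data after the configured path.
    http.host is already lowercased by Suricata, so no nocase is used."""
    rules = []
    for i, url in enumerate(urls):
        host, path = split_c2(url)
        rules.append(
            "alert http $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"Gozi/ISFB C2 beacon to {host}"; flow:established,to_server; '
            f'http.host; content:"{host}"; '
            f'http.uri; content:"{path}"; startswith; '
            f"classtype:trojan-activity; sid:{sid_start + i}; rev:1;)"
        )
    return rules


# Constructed proxy log for the example: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2022-11-27T10:01:02Z 10.0.0.5 GET http://superstatic.net/geodata/version/ip2ext/9ac3f/Kj2x.avi 200
2022-11-27T10:01:07Z 10.0.0.5 GET http://www.example.com/index.html 200
2022-11-27T10:02:11Z 10.0.0.9 POST http://STATISTICAUP.NET/geodata/version/ip2ext 200
2022-11-27T10:03:00Z 10.0.0.9 GET http://staticago.com/favicon.ico 404
2022-11-27T10:03:30Z 10.0.0.7 GET http://example.net/geodata/version/ip2ext 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def find_c2_hits(log_text, urls=GOZI_C2_URLS):
    """Flag log lines whose host is a known C2 domain. The domain alone is
    the indicator; path_match records whether the configured path prefix
    also matched, which distinguishes a beacon from other traffic to the host.
    A matching path on an unknown host (last sample line) is not a hit."""
    c2 = dict(split_c2(u) for u in urls)  # host -> configured path
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host not in c2:
            continue
        hits.append({
            "line": lineno,
            "client": m["client"],
            "host": host,
            "path_match": parts.path.startswith(c2[host]),
        })
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(GOZI_C2_URLS):
        print(rule)
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print(hit)
```

Against the constructed log, lines 1 and 3 are full beacon matches (host and path prefix), line 4 is a host-only hit worth triaging, and line 5 is ignored because the domain is not in the extracted list.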
Targets
Target: 5bfbaec3160bba09e7fa6ca1fdd67dad2041961ae7ca906796e6eb276be50fec (318KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext