General
- Target: bcf9a62776fd5e7517305718adc78900727814b7aa99936efac1c5298c01e07c
- Size: 294KB
- Sample: 221127-jjv3saae49
- MD5: 71d99b4b7eadb846080b47f522184000
- SHA1: 15e019e8ce9ba900ed6d4bab0df52e84a7178b16
- SHA256: bcf9a62776fd5e7517305718adc78900727814b7aa99936efac1c5298c01e07c
- SHA512: fdea440359bcfcf1ec4c07f3121a5989e6e57359f321870a11ca51e3c3f018dae3473258d203cc52eb17caef1205d624ab8a9dde36cfbedce478791e1199be6f
- SSDEEP: 6144:jghpUTEVfUc0oCU4OmAtOvFkx8UpDvQOj7ek:jgDUTE2HNXVAt0u8UtQn
Static task: static1
Behavioral task: behavioral1
- Sample: bcf9a62776fd5e7517305718adc78900727814b7aa99936efac1c5298c01e07c.exe
- Resource: win7-20221111-en
Malware Config
Extracted: gozi
1010
neftinetinebudet.net/geodata/version/ip2ext
staticstoday.com/geodata/version/ip2ext
- build: 212436
- exe_type: worker
- server_id: 30
Targets
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext