General

Target: fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
Size: 288KB
Sample: 221127-rwwh3sdh89
MD5: 0b6df2838e0eb797fe43700fde1a13d2
SHA1: 83dc0a5bb4c68c7146df0f8fe59bc958888304bd
SHA256: fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
SHA512: 97854e83ea45d8e31dda9c8f0685281d1af9e73f41b2df170b781075fd106143340d16fee24dfb8453b3e187a2b95b0b9f0dad5a08f11c7e4602822821503739
SSDEEP: 6144:wUk5hN+hPNHAniFBX0OCfRUTHsZ6T44fYXzYfOJnrLi4U+Ep3:wUk5vwHaglpTHsm4qYXcWJnrLi4U+Ep3
Static task: static1
Behavioral task: behavioral1
Sample: fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a.exe
Resource: win7-20220812-en
Malware Config

Extracted: gozi

Extracted: gozi
2000
- tandem88.ru
- janetly741.ru
- juano229.ru
- bumbo998.ru
- chiko99.ru
build: 212507
exe_type: worker
server_id: 93
Targets

Target: fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
Size: 288KB
MD5: 0b6df2838e0eb797fe43700fde1a13d2
SHA1: 83dc0a5bb4c68c7146df0f8fe59bc958888304bd
SHA256: fcf0794f4c7c678763286e84d32d1451199e1fd1695fe21867955fa04dcae89a
SHA512: 97854e83ea45d8e31dda9c8f0685281d1af9e73f41b2df170b781075fd106143340d16fee24dfb8453b3e187a2b95b0b9f0dad5a08f11c7e4602822821503739
SSDEEP: 6144:wUk5hN+hPNHAniFBX0OCfRUTHsZ6T44fYXzYfOJnrLi4U+Ep3:wUk5vwHaglpTHsm4qYXcWJnrLi4U+Ep3

- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext