General

Target: 2da70ec19ccc974521025ffc8f32a1983b6517d1151ef4943c69d062954d3d3c
Size: 506KB
Sample: 221128-b8gyfsah3w
MD5: 1021c89494503fdec076272280957248
SHA1: 3aad175ba9003458dd33846c024a09ae989e0686
SHA256: 2da70ec19ccc974521025ffc8f32a1983b6517d1151ef4943c69d062954d3d3c
SHA512: 64cbee371c3729418d6055bd7f67accd42d2c240ffe1bb1f8302056ef7c67d07f07401798862b13df459c3f71864c056929033b6d9eecce3668ed2edc907ce5e
SSDEEP: 12288:cxvqLRvMeJeAYgZ0N8+VI9Hx9tRYhHAwpXeE:cxfeJezgk8+VCEhHAwp
Static task: static1

Behavioral task: behavioral1
Sample: 2da70ec19ccc974521025ffc8f32a1983b6517d1151ef4943c69d062954d3d3c.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 2da70ec19ccc974521025ffc8f32a1983b6517d1151ef4943c69d062954d3d3c.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: gozi
  2782923
  tmadecorrespondence.com
  exe_type: worker
Targets

Target: 2da70ec19ccc974521025ffc8f32a1983b6517d1151ef4943c69d062954d3d3c (506KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures

- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
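Four of the signatures above (Run key, Installed Components, wallpaper, System32 drop) leave registry or file traces that Sysmon records, so they can be replayed on a host outside the sandbox. The script below is an added example and is not code from the sandbox or from this report: it matches constructed Sysmon-style events (EventID 13 registry value set, EventID 11 file create) against those four signatures and grades each hit by whether the writing process runs from a user-writable path. "Installed Components" is assumed here to mean the Active Setup key under HKLM\SOFTWARE\Microsoft. The other three signatures (country-code lookup, drive enumeration, SetThreadContext) are API-level behaviour that Sysmon does not log; they need a sandbox API trace or EDR telemetry instead.

```python
"""Replay the registry/file signatures from the report against Sysmon-style
events.  Added example; not code from the sandbox or the report."""
import re

# Constructed Sysmon-style events; none of them come from the sandbox run.
# EventID 13 = RegistryEvent (value set), EventID 11 = FileCreate.
# Sysmon writes HKCU hives as HKU\<SID>, so the rules match on the key tail.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\victim\AppData\Roaming\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                     r"\{11111111-2222-3333-4444-555555555555}\StubPath",
     "Details": r"C:\Users\victim\AppData\Roaming\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-111\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\victim\AppData\Local\Temp\wall.bmp"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "TargetFilename": r"C:\Windows\System32\svchst.dll"},
    # Legitimate installer writing the same Run key: should rank low, not be hidden.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    # Benign Explorer setting; no rule should fire.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# (signature name as the report prints it, Sysmon EventID, pattern on the target)
RULES = [
    ("Adds Run key to start application", 13,
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)),
    ("Modifies Installed Components in the registry", 13,   # assumed: Active Setup key
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\", re.I)),
    ("Sets desktop wallpaper using registry", 13,
     re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)),
    ("Drops file in System32 directory", 11,
     re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)),
]

# Locations any user can write to; persistence installed from here deserves
# more attention than the same key written by an installer under Program Files.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def _target(event):
    """Registry key path for EventID 13, file path for EventID 11."""
    return event.get("TargetObject") or event.get("TargetFilename") or ""


def match_signatures(events):
    """Return {signature: [event index, ...]} for every rule that fires."""
    hits = {}
    for idx, event in enumerate(events):
        for name, event_id, pattern in RULES:
            if event["EventID"] == event_id and pattern.search(_target(event)):
                hits.setdefault(name, []).append(idx)
    return hits


def triage(events):
    """Attach a confidence to each hit based on where the writing process lives."""
    findings = []
    for name, idxs in match_signatures(events).items():
        for idx in idxs:
            confidence = "high" if USER_WRITABLE.search(events[idx]["Image"]) else "low"
            findings.append((name, idx, confidence))
    return findings


if __name__ == "__main__":
    for name, idx, confidence in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{confidence:4}] {name}: {ev['Image']} -> {_target(ev)}")
```

Run key writes are routine for legitimate software, so the rule reports them but the image path decides the confidence; the Active Setup and wallpaper writes are rare enough from user-writable paths that they are worth an alert on their own.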