General

Target: d5ebcdac450c9999ef7184481f729df0bb5babd9ae9fb62b7c6fdff02569a674
Size: 305KB
Sample: 221128-j7mfjshc85
MD5: f4cdbef32c96169f9194b6b33b3f7c26
SHA1: 53d0738923bcd20bddf9e280d281a81225378162
SHA256: d5ebcdac450c9999ef7184481f729df0bb5babd9ae9fb62b7c6fdff02569a674
SHA512: de2ee95658cfe3dd78a688932dd140849b04b7f6da869294d486326a010ccb6137264a4f924f88b4c4e3c6584399aa869ef6ec912e1d54b87ca05b67b4f861b9
SSDEEP: 6144:VId7WQ8X2rBWueOlQb2NOShT5RmUjD5uT:Vw7L+2rBWuFltF8UjD5uT

Static task: static1
Behavioral task: behavioral1
Sample: d5ebcdac450c9999ef7184481f729df0bb5babd9ae9fb62b7c6fdff02569a674.exe
Resource: win7-20221111-en
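Before pivoting on the hashes above it is worth confirming that a file you were handed is the same object the sandbox analysed. The following is an added example, not code from the sandbox or from this report: it computes all four reported digests in one pass over the file and reports every algorithm that disagrees. The REPORTED values are copied from this page; the chunk size and the function names are this example's own choices.

```python
import hashlib

# Digests reported for the sample on this page.
REPORTED = {
    "md5": "f4cdbef32c96169f9194b6b33b3f7c26",
    "sha1": "53d0738923bcd20bddf9e280d281a81225378162",
    "sha256": "d5ebcdac450c9999ef7184481f729df0bb5babd9ae9fb62b7c6fdff02569a674",
    "sha512": "de2ee95658cfe3dd78a688932dd140849b04b7f6da869294d486326a010ccb6137264a4f924f88b4c4e3c6584399aa869ef6ec912e1d54b87ca05b67b4f861b9",
}


def digest_stream(chunks):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in a single pass over an iterable of byte chunks.

    Returns a dict of lower-case hex digests plus the total byte count under "size".
    """
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through digest_stream so large samples are not read into memory at once."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected):
    """Return {algorithm: (expected, actual)} for every digest that disagrees; an empty dict means a match.

    Expected values are lower-cased so hashes pasted from upper-case sources still compare equal.
    """
    return {
        algo: (exp.lower(), actual.get(algo))
        for algo, exp in expected.items()
        if actual.get(algo) != exp.lower()
    }


if __name__ == "__main__":
    import sys

    result = digest_file(sys.argv[1])
    mismatches = compare(result, REPORTED)
    print(f"size: {result['size']} bytes")
    if mismatches:
        for algo, (exp, act) in mismatches.items():
            print(f"{algo}: MISMATCH expected {exp} got {act}")
        sys.exit(1)
    print("all reported digests match")
```

Run it as `python verify.py <file>`; a non-zero exit means at least one digest differs, which usually means a repacked or truncated copy rather than the sample this report describes. The SSDEEP value is deliberately not checked here, since fuzzy-hash comparison needs the ssdeep library and a similarity threshold rather than an equality test.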
Malware Config

Extracted
Family: gozi
Botnet: 1010
C2:
  redwoodmotors.ru
  pampers-globalworld.ru
  pinkfloyd-mp3love.ru
  sosandhelpconnect.ru
Attributes
  exe_type: worker (in Gozi/ISFB builds this attribute distinguishes the loader stage from the worker module that carries out the C2 communication)
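The four C2 hostnames above are the most directly actionable indicators in this report. The block below is an added example, not part of the sandbox output: it matches DNS query names against that list, treating subdomains as hits and normalising case and the trailing dot that many resolvers log. The log format it parses (timestamp, client IP, query name, query type) and the sample lines are constructed for the example and do not represent any particular product.

```python
import re

# C2 hostnames copied from the extracted Gozi config on this page.
C2_DOMAINS = {
    "redwoodmotors.ru",
    "pampers-globalworld.ru",
    "pinkfloyd-mp3love.ru",
    "sosandhelpconnect.ru",
}


def normalize(host):
    """Lower-case the name and strip whitespace and the trailing dot some DNS logs print on FQDNs."""
    return host.strip().rstrip(".").lower()


def matches_c2(host, iocs=C2_DOMAINS):
    """True if host equals a listed C2 domain or is a subdomain of one.

    The "." prefix in the endswith check is what stops notredwoodmotors.ru from matching.
    """
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in iocs)


# Constructed log line shape for this example: "<timestamp> <client-ip> <qname> <qtype>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def hunt(lines, iocs=C2_DOMAINS):
    """Return (client, normalised qname) for every well-formed line whose query name hits the C2 list."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected shape rather than guessing
        if matches_c2(m["qname"], iocs):
            hits.append((m["client"], normalize(m["qname"])))
    return hits


# Constructed sample log: two true hits, one near-miss, one benign lookup, one malformed line.
SAMPLE_LOG = [
    "2022-11-28T10:01:02Z 10.0.0.15 REDWOODMOTORS.RU. A",
    "2022-11-28T10:01:05Z 10.0.0.15 www.example.com A",
    "2022-11-28T10:02:11Z 10.0.0.22 cdn.pinkfloyd-mp3love.ru A",
    "2022-11-28T10:02:13Z 10.0.0.22 notredwoodmotors.ru A",
    "garbage line",
]

if __name__ == "__main__":
    for client, qname in hunt(SAMPLE_LOG):
        print(f"{client} resolved C2 domain {qname}")
```

Gozi talks to its C2 over HTTP, so a DNS hit tells you a host resolved the name, not that it completed a check-in; follow up in proxy or NetFlow data for the same client. Treat the list as time-bound: ISFB operators rotate hosts, and a list extracted from a November 2022 sample may be stale by the time it is deployed.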
Targets

Target: d5ebcdac450c9999ef7184481f729df0bb5babd9ae9fb62b7c6fdff02569a674 (305KB; hashes as listed under General)
Signatures

- Modifies Installed Components in the registry: writes under the Active Setup Installed Components key, a persistence location whose StubPath commands are executed at user logon.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. Samples that geofence may do nothing in a sandbox whose locale matches the excluded region, so an empty behavioural run is not evidence of a benign file.
- Deletes itself: removes its own image from disk after running, so the dropped copy rather than the original file is what remains on an infected host.
- Adds Run key to start application: registers itself under a CurrentVersion\Run key so it is launched at logon.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory: writes a file into the System32 directory; combined with the Run key this is the copy worth collecting.
- Suspicious use of SetThreadContext: setting another process's thread context is the step that redirects a suspended thread to injected code in process hollowing, so check which process received the new context and what was written into it beforehand.