General
Target: fb66da43a5b6f7e9511491cc6e8c5347d021a5b77535783d72d58b56055888ef
Size: 316KB
Sample: 221128-xxcp9aaa87
MD5: 1ffdeddc1c8a3b697f27c56a17f38c4d
SHA1: f9182674f8c3206147878a5a4ccd5851ae71b43e
SHA256: fb66da43a5b6f7e9511491cc6e8c5347d021a5b77535783d72d58b56055888ef
SHA512: b7c39acec50e9960854d1de42f4eb9bfae54eed832b21ab6f14aa8ee4490d156064fa318fed9078c9f4a87ce34fd43006d71ad7c2b693c0c706afd139a139cc3
SSDEEP: 6144:7zslDnz2P0qh2aiWShzRfowVwBxDVzoC+zwaZIC+D5nHnnHnnHnHnXXXnnnnn33g:UlDnqs821WiZNADVNbY2nHnnHnnHnHnw
Static task: static1
Behavioral task: behavioral1
Sample: fb66da43a5b6f7e9511491cc6e8c5347d021a5b77535783d72d58b56055888ef.exe
Resource: win7-20220812-en
Malware Config
Extracted: gozi
Extracted: gozi
Botnet ID: 1000
C2 domains:
  redwoodmotors.ru
  pampers-globalworld.ru
  pinkfloyd-mp3love.ru
  sosandhelpconnect.ru
exe_type: worker
Targets
Target: fb66da43a5b6f7e9511491cc6e8c5347d021a5b77535783d72d58b56055888ef
Signatures:
  Modifies Installed Components in the registry
  Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  Deletes itself
  Adds Run key to start application
  Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
  Drops file in System32 directory
  Suspicious use of SetThreadContext