General
- Target: b022589826a7bc89a45d106fae7f45b8cd7c7e24da607808277ef493fdc6f3d1
- Size: 251KB
- Sample: 221204-eky4lsec49
- MD5: 0c9d5b79ae769d2c011cba479a34b20b
- SHA1: 5dbd11b32ed6477d9208f3676cdf72b4bc38b7fa
- SHA256: b022589826a7bc89a45d106fae7f45b8cd7c7e24da607808277ef493fdc6f3d1
- SHA512: 4158b89e4b0f3e5b67566f1463bfcf0d3306a9119f893be1e937f93c43946712835046d92fcb6e8ccac6bae74c305138c393b50ccc62ea7219358943a7fffa18
- SSDEEP: 3072:SFEQJkdZxE9L96rEfa5MGdDJ1CMHQ7o0fNmeg9o4mvwpbDu/iYWJKt:SFvJkPxE/6bxfCMHQpNFsVmky6YWQ
- Static task: static1
- Behavioral task: behavioral1
- Sample: b022589826a7bc89a45d106fae7f45b8cd7c7e24da607808277ef493fdc6f3d1.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: gozi
- 1000
- goliathuz.com
- musicvideoporntip3s.ru
- exe_type: worker
Targets
- Target: b022589826a7bc89a45d106fae7f45b8cd7c7e24da607808277ef493fdc6f3d1
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext