General
-
Target
ZipCosdaz1_detrunked.exe
-
Size
238KB
-
Sample
221214-zjjmrabb39
-
MD5
630bbad3b703e4726558584b4eb0d6a5
-
SHA1
d88ca9a9bfdcce2b453d56b09ae134b0d861f27c
-
SHA256
0ab7b970fa1728713371d1f9186c1910a490964c8c4afb54ebe158ba6fe8030b
-
SHA512
5df5acd85194b6a346955cf3f32111e12825f08bfca69fe13e6eaeed904d7a4158a744242d8db8bec621c9b823ccfefefdb602531d51b605bea823e9217410b0
-
SSDEEP
6144:v5RXU9L/3zwa5YRIWTNPU9dV7n/7CWKADsd:hRXSD3UuYK2PUHVz/eiDsd
Static task
static1
Malware Config
Extracted
gozi
2002
-
base_path
/fonts/
-
build
250249
-
exe_type
loader
-
extension
.bak
-
server_id
50
Extracted
gozi
2002
-
base_path
/fonts/
-
exe_type
worker
-
extension
.bak
-
server_id
50
Targets
-
Target
ZipCosdaz1_detrunked.exe
-
Size
238KB
-
Adds Run key to start application
-
Suspicious use of SetThreadContext