General
Target: ZipCosdaz1.zip
Size: 201KB
Sample: 230102-mhma2adh66
MD5: 8a63a7e1b400fd665d367876f9616e8e
SHA1: f48223b22680ae9610bbcb2254b8228c93a8c9c9
SHA256: 594c5be5ad8bfe2471448c4fe87f934c7297a725c5e0469f381118f470d5ddd7
SHA512: b61eed270749a79bd709f9c8c95250b2b37d4c7311b582fdebf379dd749bfccb8bae592eb191dbd0ce5b2c14860247fe1f74501922b35913d426bf6cc1e4f43a
SSDEEP: 6144:XWM0eeQ7ksGBfjDuR/ryki/HWaNvYVUsF8eAX:F0/QYXf/U/2lHWIQl8RX

Static task: static1
Behavioral task: behavioral1
Sample: ZipCosdaz1.exe
Resource: win7-20220901-en

Malware Config
Extracted: gozi

Config 1
  20000
  trackingg-protectioon.cdn4.mozilla.net
  79.132.130.171
  45.11.182.30
  protectioon.cdn4.mozilla.net
  79.132.128.228
  185.189.151.61
  base_path: /fonts/
  build: 250249
  exe_type: loader
  extension: .bak
  server_id: 50

Config 2
  20000
  trackingg-protectioon.cdn4.mozilla.net
  79.132.130.171
  45.11.182.30
  protectioon.cdn4.mozilla.net
  79.132.128.228
  185.189.151.61
  base_path: /fonts/
  build: 250249
  exe_type: worker
  extension: .bak
  server_id: 50

Targets
Target: ZipCosdaz1.exe
Size: 308KB
MD5: d6f6ecbf69cc2680e9c3b41a0015680f
SHA1: 308a0ed536602be01b34f7eb52269da7c72f02b5
SHA256: f21b2f9795d007b5452b590db584b550c68f48859f596c00c4f4b77a8189d610
SHA512: d1951f0c39469dfa10a3e94295412b00b04827a362aae09a04b6ff9cf9a28b28fcd8680cdc999533c3bee579d3a0582cca7381ea038361679825957a0067b280
SSDEEP: 6144:2L/l/81gqG9fjDuRp4ivyIxZ1WqqdSv9x:2zl/ycf/UpHdYU

Signatures
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext