General
Target: 4c0e67.exe
Size: 40KB
Sample: 230102-ms8xsadh87
MD5: 89b4b5f702481b9b218dadfce9c9853b
SHA1: 1999cbad156476550a0cf8207887373073466edb
SHA256: b0e40dab94b05dcb01dbb9a162c8c75685b41bfdc2ce74ff2e579d84bb33fdd7
SHA512: 57bbb407b439a71e40a5de3c4dd1c1a71abcafb635587aa29ae624538cb74c5bed9bad4adac65855a4f6151d84a3e4cd4d7e12e4a8782b97113aa438fe1525a3
SSDEEP: 768:vKbMPv5JL/yWeM4CPSlWoEKCCldH24pjwg3jllNeErDqr:v4MHLL/2wPumCXnpjwgLkEw
Behavioral task: behavioral1
Sample: 4c0e67.exe
Resource: win7-20220901-en
Malware Config
Extracted: gozi
20000
trackingg-protectioon.cdn4.mozilla.net
79.132.130.171
45.11.182.30
protectioon.cdn4.mozilla.net
79.132.128.228
185.189.151.61
base_path: /fonts/
build: 250249
exe_type: loader
extension: .bak
server_id: 50
Extracted: gozi
20000
trackingg-protectioon.cdn4.mozilla.net
79.132.130.171
45.11.182.30
protectioon.cdn4.mozilla.net
79.132.128.228
185.189.151.61
base_path: /fonts/
build: 250249
exe_type: worker
extension: .bak
server_id: 50
Targets
Target: 4c0e67.exe
Size: 40KB
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext