General
Target: 842a488e7f20a2e63eb7d08eaf9b140b468f6c0286249f48b615d7af04ea608d
Size: 1012KB
Sample: 230213-mwa5xsca9z
MD5: 9a8807cb7e86af1abecbe7f52a01162b
SHA1: 861a67fe5bd9bcc790d68d649dfc087a277d0f17
SHA256: 842a488e7f20a2e63eb7d08eaf9b140b468f6c0286249f48b615d7af04ea608d
SHA512: 989d50986e6e09b2682cd8e9e89aaea3e732c15b708aeaca6533f04e3a5e3d301f6df0c63c472e295c2fd3810e80257cb533611e1f1e2f6df383ea3cdb8ac2f5
SSDEEP: 12288:z6auVk1fMXeAY/q37378MtyetwlgNf118DOEIjxm0A6bR/XQCw2mhVzjBW:znsk1UuNc37DyeSlcfpEIt1A6KCRmhVc
Static task: static1
Behavioral task: behavioral1
Sample: Correction_req.pdf..lnk
Resource: win7-20220812-en
Malware Config
Extracted
gozi
Extracted
gozi
1000
https://mereter.cloud
host_keep_time: 2
host_shift_time: 1
idle_time: 1
request_time: 10
Targets
Target: Correction_req.pdf..lnk
Size: 293.1MB
MD5: 0e7de4826bd78b409a224f2f58c5843d
SHA1: 553ad02ca943105fdae585fbfb682855f5edbb24
SHA256: 149a0f30fdc4943e37a83a31ebad5e6f1f31901e6ad3d54c00f69c84e70c93c1
SHA512: d4c9a2b5a5f1cbd897d7a5d4acce78315cb8e359b7c9ef4490a3371ca2e28be2c92ae62861216043967f35079d2adf484df5fbebc1fec3dd811a416a5982c1e1
SSDEEP: 12288:T4OjM+EEjRhWs8g4avgzxl8oFubywIYeGPuxmiR1ky9VvzkUs37CQN:T4iMREtkzg4avgzEcwbPuxRH9V77srCK
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application