General
Target: d37a1ad57c494e0a18f57ec18615582c270e8c74fdf5c01005e1cb42fcdb3aa7
Size: 1.3MB
Sample: 230223-gvlmdaeh78
MD5: db2e14a99c955600e370f99b76d48824
SHA1: 691512783ca7aff47fa187432e9c85af0dc64c75
SHA256: d37a1ad57c494e0a18f57ec18615582c270e8c74fdf5c01005e1cb42fcdb3aa7
SHA512: 59c15e566700b46a5a26f430b93ffae169b78d27402676aca1cc8d486aef7f604956aaa8e96439fb56cca3c53d731fe3100be35ebaf446e8efe2acc4d7403cef
SSDEEP: 12288:GGj8TrMdc++NjgmikirbgjE35JPuoqLr6yKDWN2Q7CJKMUwnFP66Lhck02NZG4L7:1o3MdcHUfLJptqPa6NVMNR66dcM5RR
Static task: static1
Behavioral task: behavioral1
Sample: metaplatform02.pdf..lnk
Resource: win7-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
1000
https://colodart.top
host_keep_time: 2
host_shift_time: 1
idle_time: 1
request_time: 10
Targets
Target: metaplatform02.pdf..lnk
Size: 293.6MB
MD5: d8564cb88267993101b3f0f54048c6a4
SHA1: 75dad371e05629179c7e30bd24a068553336aefd
SHA256: e80e664931e44044b7d162100524858755203db39402ddc8f816a508404ea3c5
SHA512: a41b87daa0aea3057a4e1cdd29a7aa81e488880e714139529c75bc714ac803dd43e6a0acac143d2c3edbfac4582205c66e822c4561e817a4337fcb910abb0d57
SSDEEP: 24576:87MkCMWioaEMPQjw1coi5qsSrKz6Fwoh73sVDGSQ7wqfU:0hQRoAz6quxhC
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL