General
- Target: documents-998725151.zip
- Size: 411KB
- Sample: 230302-ykhw6see37
- MD5: 44b4b391d4fafd15bf4f384abec244fa
- SHA1: 9c55a13226a3b898a594138fd63aba358ea41732
- SHA256: beb762d325c6c8ae3cb3876c6491913a51a2a79f336bf0509641e1ad9bddbaec
- SHA512: cb5ce375f69baae1fb1fa86dfd62b827746734c9bf9f19343ca85b01c1a009e34abbfb1394058ebc7e34d6ba0f3d75e87329e6dcf0f853c33aab1e3787f5732a
- SSDEEP: 12288:C2zKUlggYedmoWXlXIEUYm0G7TniW+rv042uxdi:C0ggVm9BBUhriB8Q2
Static task: static1
Behavioral task: behavioral1
- Sample: documents7.exe
- Resource: win7-20230220-en
Malware Config
Extracted: gozi
- Botnet: 20000
- C2:
  - https://checklistg.google.com
  - http://185.189.151.250
  - https://edge14.microsoft.com
  - http://45.11.181.117
- base_path: /binaries/
- build: 250255
- exe_type: loader
- extension: .ato
- server_id: 50
Extracted: gozi
- Botnet: 20000
- C2:
- base_path: /binaries/
- build: 250255
- exe_type: worker
- extension: .ato
- server_id: 50
Targets
- Target: documents7.exe
- Size: 456KB
- MD5: a86a8857981e84a0920f7e6e793c7f33
- SHA1: 9e89b8e09bc7130ae9f14d07ac33c1c6079f7046
- SHA256: a240d325f163f4dd9e3ea176d85a1f0864b31efe774402f3cd03c27ea15a4ae1
- SHA512: 256f77bfcfb3dfabb753d91f66936ad8b91760483286a2b0bbf8cb1daef7e67fc262063173af2db3d46114daaf46ee9d41ef2ec14d82fec1699255c100cb4536
- SSDEEP: 12288:H2FKUnggYedaoWBDXIEUYOgG7fnEW+rvAA2uxQR:H0ggVazrBU7vEBY4KR
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext