General
  Target:  9404576418.zip
  Size:    412KB
  Sample:  230303-vxrhasaf64
  MD5:     64693f0c4bce7691f60dad2033a5de2e
  SHA1:    b518665a89ad5bb2470ddcb16ffdd400499e2131
  SHA256:  d713bd24ce7d88bad7f5723a7686daae8b26617f9f50997a50a594ce060d6f02
  SHA512:  7b866a4edd695032b2ff2f8b8adc4c2513776df78ec66dd41a366c212af30e032f79688512522de2f01336f0bd2dc391a176f4881c0f4194aa9c6cf554681de6
  SSDEEP:  12288:hKJ3JUxtm1EeNWN4AnThB6kWSpzQ5+a4Tr:i5GmOe+zntTZn
Static task:      static1
Behavioral task:  behavioral1
  Sample:    7fa0f446c34ee2fca3fcfbc2f6f0010b6b2dbec804927b4de266fe67839b9d1b.exe
  Resource:  win7-20230220-en
Malware Config
Extracted: gozi (20000)
  C2 URLs:
    https://checklistg.google.com
    http://185.189.151.250
    https://edge14.microsoft.com
    http://45.11.181.117
  base_path:  /binaries/
  build:      250255
  exe_type:   loader
  extension:  .ato
  server_id:  50
Extracted: gozi (20000)
  C2 URLs:
    https://checklistg.google.com
    http://194.76.225.110
    https://edge14.microsoft.com
    http://194.76.227.187
    http://109.230.199.106
    http://45.11.180.110
    http://185.219.220.150
    http://79.132.132.247
  base_path:  /binaries/
  build:      250255
  exe_type:   worker
  extension:  .ato
  server_id:  50
Targets
  Target:  7fa0f446c34ee2fca3fcfbc2f6f0010b6b2dbec804927b4de266fe67839b9d1b
  Size:    456KB
  MD5:     9b08e2a02d22e1782c0d035bb363314f
  SHA1:    01bd90a8244764ca9be447003e04504055bc7ff8
  SHA256:  7fa0f446c34ee2fca3fcfbc2f6f0010b6b2dbec804927b4de266fe67839b9d1b
  SHA512:  4d12990775d56166b977110bdf715daf26521993e1951b08988cd27422793fdc6e3d5dbedf7c53e738b35e6fd0c3a1599b99955375ef1ea4f1d1b4d1f40c42d5
  SSDEEP:  12288:j2FKUnggYedaoWBDXIEUYOgG7fnEW+rvAA2uxQa:j0ggVazrBU7vEBY4Ka
  Signatures:
    Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    Suspicious use of SetThreadContext