General

Target: t2B88.exe
Size: 364KB
Sample: 230315-2askeaff32
MD5: 58b9be6abe82b30c44dc293e236623d2
SHA1: d308b4bccfffde00f43a74c8580aa06acbeae9c9
SHA256: 3ccc12a39185496cbc3bd9adbaa4a8a451bcfeeae97e0273e36caf5e62d5a9aa
SHA512: e7b193059fa4ffb15c8d83a317adc74819990bc47a33c107ec00c9ae80a9161177710fa89651cf6a660605067b2b1c93612ef44d0bf1e2ac96a97be7d1eef62d
SSDEEP: 6144:z8JsLcpjzTDDmHayakLkrb4NSarQW82X+t40XR1CVNIQC9oL:IzxzTDWikLSb4NS7t2X+t40XR1GuQSoL
Static task: static1
Behavioral task: behavioral1 (sample t2B88.exe, resource win7-20230220-en, i.e. a Windows 7 English analysis image)
Malware Config

Extracted
Family: gozi
Botnet: 5050
C2:
  https://config.edge.skype.com
  157.254.195.117
  91.215.85.151
Attributes:
  base_path: /jerry/
  build: 250255
  exe_type: loader
  extension: .bob
  server_id: 50

Note on the C2 list: config.edge.skype.com is a legitimate Microsoft host that Gozi/ISFB configurations commonly carry as a connectivity check or decoy alongside the real servers. Treat the two IP addresses as the actionable indicators; do not add the Skype domain to a blocklist on the strength of this report. base_path and extension describe the shape of the bot's HTTP requests (path prefix and file suffix) rather than a URL to block on their own.
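The following is an added example, not part of the sandbox report, showing how the extracted fields above turn into something a SOC can run over proxy logs. It assumes the usual ISFB request layout (request path starts with base_path and ends with the configured extension), treats config.edge.skype.com as a decoy host that is flagged for context but not blocked, and uses constructed log lines; the hosts, paths and format of those sample lines are assumptions, not observed traffic.

```python
"""Derive network indicators from the extracted Gozi/ISFB config and run
them over proxy-log lines.

Added example, not part of the sandbox report. Config values are the ones
reported above; the request layout (base_path prefix, configured extension
as the suffix of the path) is the usual ISFB C2 shape and is assumed here,
as are the sample log lines, which are constructed.
"""
import re
from urllib.parse import urlsplit

# Config fields as reported on the page.
CONFIG = {
    "botnet": "5050",
    "c2": ["https://config.edge.skype.com", "157.254.195.117", "91.215.85.151"],
    "base_path": "/jerry/",
    "build": "250255",
    "exe_type": "loader",
    "extension": ".bob",
    "server_id": "50",
}

# Legitimate hosts that ISFB configs carry as connectivity checks / decoys.
# Assumption: flag them for context, never block them.
DECOY_HOSTS = {"config.edge.skype.com"}


def c2_hosts(config):
    """Split the C2 list into (blockable_hosts, decoy_hosts).

    Entries may be bare IPs or full URLs; both are normalised to a hostname.
    """
    blockable, decoys = set(), set()
    for entry in config["c2"]:
        host = urlsplit(entry if "://" in entry else "//" + entry).hostname
        if host is None:
            continue
        (decoys if host in DECOY_HOSTS else blockable).add(host)
    return blockable, decoys


def path_matches(config, path):
    """True if a request path has the configured base_path prefix and the
    configured extension suffix (assumed ISFB request layout)."""
    return path.startswith(config["base_path"]) and path.endswith(config["extension"])


# Constructed log format: timestamp, source IP, method, URL, status.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_log(config, lines):
    """Classify each log line against the config.

    Returns a list of (src_ip, verdict, url); verdict is 'c2' (configured
    host and request layout), 'host-only' (configured host, other path) or
    'decoy' (legitimate host listed in the config). Non-matching lines and
    lines that do not parse are skipped.
    """
    blockable, decoys = c2_hosts(config)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        host = parts.hostname
        if host in blockable:
            verdict = "c2" if path_matches(config, parts.path) else "host-only"
        elif host in decoys:
            verdict = "decoy"
        else:
            continue
        hits.append((m["src"], verdict, m["url"]))
    return hits


# Constructed sample lines (not observed traffic).
SAMPLE_LOG = [
    "2023-03-15T14:02:11Z 10.0.0.5 GET https://config.edge.skype.com/ 200",
    "2023-03-15T14:02:12Z 10.0.0.5 GET http://157.254.195.117/jerry/OwB4/Zk9qjgqW_2F/ZqzJ.bob 200",
    "2023-03-15T14:02:13Z 10.0.0.5 POST http://91.215.85.151/jerry/nwD/Y1.bob 200",
    "2023-03-15T14:02:14Z 10.0.0.7 GET http://91.215.85.151/favicon.ico 404",
    "2023-03-15T14:02:15Z 10.0.0.9 GET https://www.example.org/jerry/index.bob 200",
]

if __name__ == "__main__":
    for src, verdict, url in scan_log(CONFIG, SAMPLE_LOG):
        print(f"{src:10} {verdict:9} {url}")
```

The 'host-only' verdict is kept separate from 'c2' on purpose: a hit on a configured IP with a different path still deserves a look (the same server may be reused by another build with a different base_path), while the path-shaped match is the high-confidence one. A path-only match on an unrelated host (the example.org line) is deliberately not reported, since /jerry/ and .bob are too generic to stand alone.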
Targets

Target: t2B88.exe (364KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the sample can refuse to run in selected countries. On Windows this is typically the Nation value under HKCU\Control Panel\International\Geo (a numeric GEOID); if the analysis image's locale is outside the targeted region, later stages may never execute, so re-running with a matching locale is worth considering before concluding the sample is inert.
- Loads dropped DLL
  Consistent with exe_type "loader" in the extracted config: the executable drops a further DLL stage and loads it.