General
- Target: a(1)2.zip
- Size: 1.1MB
- Sample: 230517-tjsb1aff77
- MD5: 0d0b2130b9aec308b0400589037fa53f
- SHA1: 5f15ea7ba22fe60fc22c706fe1b4ee88f2ea89cc
- SHA256: d626dbd4711a19522a5695a113975dbed2ddaab79e402b548e004fd4706fb8c7
- SHA512: cac77e906e28ed2d99ceab945c55f9d16837f0125a112dc0d9f1ef92a55b29b32a1d41153eb7a0086ce9cef2675a52ef37dd158c9422b7cdb80951707679b0b0
- SSDEEP: 24576:FdLPnpJGrok203ADi/cKH3UT0GGaH5pehUeZZWcm:bMoVyADikeUQUpehjZdm
Static task: static1
Behavioral task: behavioral1
- Sample: a(1).msi
- Resource: win7-20230220-en
Malware Config
Extracted
gozi
1000
https://bastarka.top
- host_keep_time: 2
- host_shift_time: 1
- idle_time: 1
- request_time: 10
Targets
- Target: a(1).msi
- Size: 1.9MB
- MD5: 40063b0d2cc2ad8d2a4f417437f00bd6
- SHA1: cd9422f560eb663c44aae11ee04caf44d33f48ea
- SHA256: 9540647deb1906e0cd500b77f0632ffdac6d76f079ab32835cf5efa225e4e0ea
- SHA512: 138278449a7f0473131abc9b7d6880abe58bcc8ceef90282fa38397092e07914e282a31a47a00b6695548bf8ce4786dd60500225185129f281c1dbc9f9a09d6d
- SSDEEP: 49152:+pyP2OmJH6g7sJzM+C5JCNS5WPvwaq8G5tBKXUWcUAaypBG:BjJzMUp3GXgEWcpHG
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.