General
-
Target
b565aa423ca4ba6e8c6b208c2.dll
-
Size
585KB
-
Sample
230704-qy7tfsfb6t
-
MD5
b565aa423ca4ba6e8c6b208c22e5b056
-
SHA1
0f661ba97e702021988fa372fde43bd3165f1cfe
-
SHA256
894668791d06262dd16740235faa3b1672e2cb5cf171954f29abaca421c09265
-
SHA512
b426343c6e8fa54e892fdbf506f1865d89e134e25ff9552bfe2dea36e791a017380aa5220c1af08922e2619d49731f73889de2e6e2efc155c64f4f6f87d701dd
-
SSDEEP
6144:2Qs4GPx2zWaTL8pxi5mLgNKz+ODzKaDtdjokutIC54VQQkPBRm2mZOkjnEsWKsGs:Y4sQiMjNa+ODmsWDOWrK1idIGd
Static task
static1
Behavioral task
behavioral1
Sample
b565aa423ca4ba6e8c6b208c2.dll
Resource
win7-20230703-en
Malware Config
Extracted
gozi
Extracted
gozi
5050
https://avas1ta.com/in/login/
itwicenice.com
-
base_path
/jerry/
-
build
250259
-
exe_type
loader
-
extension
.bob
-
server_id
50
Extracted
gozi
5050
https://avas1t.de/in/loginq/
itwicenice.com
-
base_path
/pictures/
-
build
250259
-
exe_type
worker
-
extension
.bob
-
server_id
50
Targets
-
-
Target
b565aa423ca4ba6e8c6b208c2.dll
-
Size
585KB
-
MD5
b565aa423ca4ba6e8c6b208c22e5b056
-
SHA1
0f661ba97e702021988fa372fde43bd3165f1cfe
-
SHA256
894668791d06262dd16740235faa3b1672e2cb5cf171954f29abaca421c09265
-
SHA512
b426343c6e8fa54e892fdbf506f1865d89e134e25ff9552bfe2dea36e791a017380aa5220c1af08922e2619d49731f73889de2e6e2efc155c64f4f6f87d701dd
-
SSDEEP
6144:2Qs4GPx2zWaTL8pxi5mLgNKz+ODzKaDtdjokutIC54VQQkPBRm2mZOkjnEsWKsGs:Y4sQiMjNa+ODmsWDOWrK1idIGd
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-