General
- Target: 553752231804010536.rar
- Size: 2.2MB
- Sample: 230707-jbq4vsgh5s
- MD5: 8c919c4c93a6d1b7afc77cf6d851c4cb
- SHA1: a67d0d4df0a6bfb04e2d3410ce998db52faca0c7
- SHA256: d75ecbed0a0bfea3a71dde0aed0958e5d98e2890d520532a09a4e5321d7d680a
- SHA512: 29798f2d41b505c13cd9b232efed93ecc8dcf6eaccd0022b2ed67eea5bdf1dfcdab37acdc18b9f1cf4f2095734d1e3e645541c58002baabfb3fa368b49360812
- SSDEEP: 49152:h/LWoL80/5jsLbi6YFDZ0emIev4YujFxWMRm1CKmzQv8xbgF:h/LWoL1hUbivYe1ZYaxWMw1JmzQvss
Static task: static1
Behavioral task behavioral1: d44580ffdb610f1e16bb1aa1-1671885c0c25bc69333368a6-cd55441bbeb4517f30766c0e80428782.exe (resource win7-20230703-en)
Behavioral task behavioral2: d44580ffdb610f1e16bb1aa1-1671885c0c25bc69333368a6-cd55441bbeb4517f30766c0e80428782.exe (resource win10v2004-20230703-en)
Behavioral task behavioral3: dpp.dll (resource win7-20230703-en)
Behavioral task behavioral4: dpp.dll (resource win10v2004-20230703-en)
Behavioral task behavioral5: libcrypto-1_1.dll (resource win7-20230703-en)
Behavioral task behavioral6: libcrypto-1_1.dll (resource win10v2004-20230703-en)
Behavioral task behavioral7: libsodium.dll (resource win7-20230703-en)
Behavioral task behavioral8: libsodium.dll (resource win10v2004-20230703-en)
Behavioral task behavioral9: libssl-1_1.dll (resource win7-20230703-en)
Behavioral task behavioral10: libssl-1_1.dll (resource win10v2004-20230703-en)
Behavioral task behavioral11: opus.dll (resource win7-20230705-en)
Behavioral task behavioral12: opus.dll (resource win10v2004-20230703-en)
Behavioral task behavioral13: zlib1.dll (resource win7-20230703-en)
Behavioral task behavioral14: zlib1.dll (resource win10v2004-20230703-en)
Malware Config
Extracted: gozi
- 1000
- repeseparation.ru
- exe_type: worker
- server_id: 12
Targets

Target: d44580ffdb610f1e16bb1aa1-1671885c0c25bc69333368a6-cd55441bbeb4517f30766c0e80428782.exe
- Size: 667KB
- MD5: 228528e1171885f06cc5229916db396a
- SHA1: 8abb08cbdd58d1764330e2e3f97ae9bacea37fe6
- SHA256: bb80edc51af9d03fbcd338464d5fa5125b0a793e26775f9227bceda47c824bfc
- SHA512: c0b5c2b3ccfd2b1078c4edbcf62dde1edeb8bb7b663759825d6035565dfb5d226180b067570e4fe10bfa44347777501d4ccdab9b9e98f4b84d6539923a123c47
- SSDEEP: 12288:NqYAuKNceB6vtYbze0/nfLpbrTmtpdqEhXzGIsMW5Amw0Ya74e+JClNj:UYAUeZj/nfLpbnmjdPzhsMW5AmRx8bJI

- Detected phishing page
- Nirsoft
- Creates new service(s)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: dpp.dll
- Size: 1.9MB
- MD5: 692026ff118997f30b9c314df54bce25
- SHA1: a09c770f410ad4df8e78c6d0723f70521cfb63f1
- SHA256: 75c5725344092eb7a9f0c2c74c85a98f73d7d4c8201a677b206c35655c2e33d8
- SHA512: 60d5b1b29e19150636a0b7c593e95bac2bc42c0cc2dd6335cc45794f64fc5f64044f64365a9ef742616ffc025e121f2455425808a44add02bb28173394b87e36
- SSDEEP: 24576:myAuvuKXRiZAhSso8JceUkeo4YUPyGdT0QP5YYM5RaIz7pMqijwG0Vzcd00:myvXawC6UkZ4YUtzPSYES0Vzcd00
- Score: 5/10

- Drops file in System32 directory
Target: libcrypto-1_1.dll
- Size: 2.5MB
- MD5: 31643a6540ba24cf98a97cef42634048
- SHA1: 0206d691eaa40885713327c11e000cb771a21703
- SHA256: e36557189986f864b35c4f3d66b3356ce242c73217ec9ec5c3d66453c480633f
- SHA512: 5f5c74fecacb723126ff099ad7303af500b5125ecef2966fb3104d3668d07e836266680a7628a63a5a26200f6139bed77e7f5c7533a9934cb81be9857800de41
- SSDEEP: 49152:cmjrvGvz67Ltvwm98Iq1CPwDv3uFfJIfAE3C:cmjbXLim98b1CPwDv3uFfJ
- Score: 3/10
Target: libsodium.dll
- Size: 329KB
- MD5: be8a4636d7dd224ef4774065189ce7ff
- SHA1: 6aadb8d601333a3136647cb8a96480e277798d9e
- SHA256: 84fa23e1bd52d64265d6eb31b72fb40bb539856110633a6e0583003290e5f61a
- SHA512: 2fe3b94f473f81e6e8834455789d9401dcd4650b66a24a57d9f923ca9487e3cccbaf9caeb9033ef63bbb287a4c41776587776b2acf3281fa99d7f285d0bf27a9
- SSDEEP: 6144:A3i+tJnFTK1+EGqOX9lHy7e460QmXV50DErDbvt:l+tZqO3460QmwD6b
- Score: 1/10
Target: libssl-1_1.dll
- Size: 523KB
- MD5: 46c50a365a8a11627137ad52e4ab2f94
- SHA1: 6d02dc794a756c077233f074bd85c4b8241c24df
- SHA256: 187b33ab7a95d4722ff7dc6e2a0e6f121f68fd034b708a946b76748ec2a39b83
- SHA512: 3e2bdb912e77c249950d3dac3d3937d716e982fa9dfa3aeb48760219e53e99e70292294cc80992095bb18ee62329aac69c253dea2ae6037c9e80e1500a32b1c0
- SSDEEP: 12288:gypyeH2O8Dkmb4yjpesKWjy/MMk+cdU2lvzAE:lceHp5PIQMT+aU2lvzAE
- Score: 1/10
Target: opus.dll
- Size: 307KB
- MD5: a4c7c50ebed6a72ead1baa4cb3057c81
- SHA1: 21ae7d92ce5f6684c2bb091a780830fb7e2263c0
- SHA256: 0d518b2def8d3e2d6a1d221ddc6d66a338ab1ba6068461d1cf5f3b7d39c97793
- SHA512: 1d679f5d0805907ada13a79b5d673ff1262334fbed6bdda2812a4c183aea7dd1d775f847048d5c5d06aa920b76936b61ad7426e77502807935a93ec953e03071
- SSDEEP: 6144:TqrbR0re3Pr2VvnErmo03zglw+VH2jNAZ2EG7cjplyDjCa/ZLBvBm8v:WrN0re3T2VvECoeV+J822EPyDjCa/x
- Score: 1/10
Target: zlib1.dll
- Size: 73KB
- MD5: 05bf83777d5b6c7bf74a512f51f34a7b
- SHA1: 5c177218220a9c1df6eff2fc46bf3dd512986222
- SHA256: 0d2a785476bf5ab1906f4738e92df18a2c438e27225c1c1cac9afe77417c0b46
- SHA512: 0249ac76f843b3d46120da665ebe3b361f120477997f3809b88188d1afeffa2a789f5a990930441f54729d1e806c2ce005893ac77a88dd87d302e2ee49eba941
- SSDEEP: 1536:iD5gPaCVRn77BGHXrfD0zelgdRH/KNn6BnToIfhIOsIOEmhfgh:Q59+R7t+szelgdRfKNcTBfLiEmhfgh
- Score: 3/10