General

Target: Invoice_Details.js
Size: 42KB
Sample: 230718-t1ykcacc23
MD5: 22067f54377e90dc3fdd5f384c1fe3ee
SHA1: 56b2afbc94b67f1c1f5e0a2340e25ca066b9baad
SHA256: 5e5722af27fc7ae05a9f9705ce1d680fec5fef27a67019c37e2bd768c8e7c07e
SHA512: af74c25ae0cc74316411d129d7c0a13e81efe0b0cbb207c1e45e323288364b36d1b2d383af5161efb3a7c491494b67bfee90ec8c97420a956b623eb4f12bfe56
SSDEEP: 384:kac3is6ZeUS1ogXzxmOP0U4OmB/P9rVOKeHBYH8Ffu+wtizOdKUmJYgqEq4SjoaM:/7ylm9FgH1gTP5C1XfW51TJfmh1EE
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_Details.js
Resource: win7-20230712-en
Malware Config

Extracted: gozi
  gozi
  20000
  http://45.11.182.38
  http://79.132.130.230
  https://listwhfite.check3.yaho1o.com
  https://lisfwhite.ch2eck.yaheoo.com
  http://45.155.250.58
  https://liset.che3ck.bi1ng.com
  http://45.155.249.91
  base_path: /zerotohero/
  build: 250260
  exe_type: loader
  extension: .asi
  server_id: 50
Targets

Target: Invoice_Details.js
Size: 42KB
MD5: 22067f54377e90dc3fdd5f384c1fe3ee
SHA1: 56b2afbc94b67f1c1f5e0a2340e25ca066b9baad
SHA256: 5e5722af27fc7ae05a9f9705ce1d680fec5fef27a67019c37e2bd768c8e7c07e
SHA512: af74c25ae0cc74316411d129d7c0a13e81efe0b0cbb207c1e45e323288364b36d1b2d383af5161efb3a7c491494b67bfee90ec8c97420a956b623eb4f12bfe56
SSDEEP: 384:kac3is6ZeUS1ogXzxmOP0U4OmB/P9rVOKeHBYH8Ffu+wtizOdKUmJYgqEq4SjoaM:/7ylm9FgH1gTP5C1XfW51TJfmh1EE
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL