General
Target: Invoice_Details.zip
Size: 10KB
Sample: 230718-t6q3fscc83
MD5: 32e7ae2c7ea17e394eec3262d00ca2cc
SHA1: b1d4a8da261109f7c55923938f0d7f3507792db2
SHA256: 4a44bf781e5ddd0a77dcaa97caafb1be31392fa6fc63891ff7e595318030b540
SHA512: 90e1537c614448ba2d919221d54e483dc6d5eb6a3f8d5ca0bb0528e812a626cf26901a2202387deb29efc60a9d2a286b0bee8ab0e0d2b026b3156681e3291278
SSDEEP: 192:7jRpAsVb6q6tIrRMpKZjYMgxhqeacz2PqhYhn/xrTKwswSo8eez:PTAsMqwIFMpKebDqzcz2VhprTKwGoTM

Static task: static1
Behavioral task: behavioral1
Sample: Invoice_Details.js
Resource: win7-20230712-en

Malware Config
Extracted: gozi
20000
base_path: /zerotohero/
build: 250260
exe_type: loader
extension: .asi
server_id: 50

Targets
Target: Invoice_Details.js
Size: 42KB
MD5: 22067f54377e90dc3fdd5f384c1fe3ee
SHA1: 56b2afbc94b67f1c1f5e0a2340e25ca066b9baad
SHA256: 5e5722af27fc7ae05a9f9705ce1d680fec5fef27a67019c37e2bd768c8e7c07e
SHA512: af74c25ae0cc74316411d129d7c0a13e81efe0b0cbb207c1e45e323288364b36d1b2d383af5161efb3a7c491494b67bfee90ec8c97420a956b623eb4f12bfe56
SSDEEP: 384:kac3is6ZeUS1ogXzxmOP0U4OmB/P9rVOKeHBYH8Ffu+wtizOdKUmJYgqEq4SjoaM:/7ylm9FgH1gTP5C1XfW51TJfmh1EE

- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL