General
Target: NEAS.a3f4c907a088c99a8b7bf5f4280d7d0cbin_JC.zip
Size: 166KB
Sample: 231007-qff8sace8z
MD5: afc01e2fdcd7105f90002ad89bc99201
SHA1: 93ce3a35058878156c543676968fd22d49bbcbb2
SHA256: d96cfe4d4513c1c860bbc38ee8f5f0cc50a4c162165ec071de75c6101b84b7a6
SHA512: eb1cc1f912a9d8d9919812708720e3e818a3db53b51e9f90a0703d3d8258125442f23e8d98b767ffe296993d4de800b7ceef1adbe53fa470b4c5d9a66d272e04
SSDEEP: 3072:XLb6QVGnq59/uszwZLg3KWY6gTId5e89UdhhaTRkLpVWz33UqpLJp1XLnlOA:7bonG/7kZLuaTW889yhQOLpVW4qbLLR
Static task: static1
Behavioral task: behavioral1
Sample: 7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6.exe
Resource: win7-20230831-en
Malware Config
Extracted: gozi

Extracted: gozi
5050
mifrutty.com
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50

Extracted: gozi
5050
http://igrovdow.com
base_path: /pictures/
build: 250260
exe_type: worker
extension: .bob
server_id: 50
Targets
Target: 7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6.exe
Size: 304KB
MD5: a3f4c907a088c99a8b7bf5f4280d7d0c
SHA1: 9a9297bd0af1c008eb7477c1e310ce70c30c6d56
SHA256: 7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6
SHA512: 106a0a4275a421a6dbef6c43e76921e6eae1aca5f6d960f823763a3127b7ebf826c626da460db82451aba4a94c32c8c198d6871b0a2c6de7d96c937384e92f9b
SSDEEP: 6144:Oo+91vDNpa6NK56upTHirwtc3nhBvjQOR/Oz2IHTN+:ONDLu4K56u1HqfhBvjQOWz2W

Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext