General
-
Target
bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd_JC.exe
-
Size
422KB
-
Sample
231011-gpz8ksfe95
-
MD5
c788f8e7a2d0311297bd198ca9d05ec8
-
SHA1
64240992ba99ae27b0bb4fe277a95524a4b139db
-
SHA256
bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd
-
SHA512
2295c28aa11e3c1ea09f0ba790ea1e8322b3c996f4f27bf0aec9edf0997329ea8d13b98417e856f7bd922f4a0d9ef786117b8354a04b752d53e6b53733db4f5d
-
SSDEEP
6144:eH0vsBFRMXdX0tn7qnmUVR9g0pHii2B8mG+R2FLxgwExgw:eH0v4FRyX0tnWnN9pHiN4+R2NxEx
Static task
static1
Behavioral task
behavioral1
Sample
bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd_JC.exe
Resource
win7-20230831-en
Malware Config
Extracted
gozi
Extracted
gozi
5050
netsecurez.com
whofoxy.com
mimemoa.com
ntcgo.com
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
Extracted
gozi
5050
fotexion.com
-
base_path
/pictures/
-
build
250260
-
exe_type
worker
-
extension
.bob
-
server_id
50
Targets
-
-
Target
bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd_JC.exe
-
Size
422KB
-
MD5
c788f8e7a2d0311297bd198ca9d05ec8
-
SHA1
64240992ba99ae27b0bb4fe277a95524a4b139db
-
SHA256
bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd
-
SHA512
2295c28aa11e3c1ea09f0ba790ea1e8322b3c996f4f27bf0aec9edf0997329ea8d13b98417e856f7bd922f4a0d9ef786117b8354a04b752d53e6b53733db4f5d
-
SSDEEP
6144:eH0vsBFRMXdX0tn7qnmUVR9g0pHii2B8mG+R2FLxgwExgw:eH0v4FRyX0tnWnN9pHiN4+R2NxEx
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-