General
-
Target
3a1211935c4bd148eb6fb23c40d4806ee5a488b09bd61b3c0d15a47dbbfe64fd_JC.exe
-
Size
406KB
-
Sample
231011-gwjt6sga55
-
MD5
2f5a00394c3568e91f6302dc6c8b196c
-
SHA1
116f6ba99db4592f1ab5ccb1a734fdc5a52021bc
-
SHA256
3a1211935c4bd148eb6fb23c40d4806ee5a488b09bd61b3c0d15a47dbbfe64fd
-
SHA512
a30efa790e3ad7af4e574ef0bf359b6a91691947cf434ddcd30a228af29dea0a9b5c1daff050ecae6e88912e8f04813f1df9680e6fc896cee63e36476e4bbe36
-
SSDEEP
12288:l1HmKzwKhZhZsuyOtldw5hbu5Ty7pySxN1t:bHGKhZzLQ5Wn6H
Static task
static1
Behavioral task
behavioral1
Sample
3a1211935c4bd148eb6fb23c40d4806ee5a488b09bd61b3c0d15a47dbbfe64fd_JC.exe
Resource
win7-20230831-en
Malware Config
Extracted
gozi
Extracted
gozi
5050
netsecurez.com
whofoxy.com
mimemoa.com
ntcgo.com
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
Extracted
gozi
5050
fotexion.com
-
base_path
/pictures/
-
build
250260
-
exe_type
worker
-
extension
.bob
-
server_id
50
Targets
-
-
Target
3a1211935c4bd148eb6fb23c40d4806ee5a488b09bd61b3c0d15a47dbbfe64fd_JC.exe
-
Size
406KB
-
MD5
2f5a00394c3568e91f6302dc6c8b196c
-
SHA1
116f6ba99db4592f1ab5ccb1a734fdc5a52021bc
-
SHA256
3a1211935c4bd148eb6fb23c40d4806ee5a488b09bd61b3c0d15a47dbbfe64fd
-
SHA512
a30efa790e3ad7af4e574ef0bf359b6a91691947cf434ddcd30a228af29dea0a9b5c1daff050ecae6e88912e8f04813f1df9680e6fc896cee63e36476e4bbe36
-
SSDEEP
12288:l1HmKzwKhZhZsuyOtldw5hbu5Ty7pySxN1t:bHGKhZzLQ5Wn6H
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-