General
Target: Downloads.zip
Size: 23.1MB
Sample: 231021-b3kgdseb52
MD5: c680ac48333450b51b7864d21895cc90
SHA1: 92870f185c6be6b8d55a294f5de59c98061193d8
SHA256: c442edf2f963a0fa28e9525ec63904241dd78f0d1310f770f2f9a2f14b21aece
SHA512: 29d5cb0edc4ce466bf8543305152e1d271d2357c00a688e48e63645742dc8c84ffd75860c809946507ed6ad5a4afa96c278e95916518574b53f6613d5ea9e250
SSDEEP: 393216:wBRF+vGbfzxpO829aWD/mttgSwnN4KC3/ARTOTKUNRKLyktlwrSOR:gF66S829n/WwuoRToKU/KLT+J
Static task: static1
Malware Config
Extracted: gozi
1000
repeseparation.ru
exe_type: worker
server_id: 12
Targets
Target: Downloads.zip (23.1MB; hashes as listed under General)
- Detected phishing page
- Nirsoft
- Downloads MZ/PE file
- Stops running service(s)
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger