General
Target: 349b17e618164143782e1d8d506e21aa
Size: 544KB
Sample: 231231-nq3hnafhek
MD5: 349b17e618164143782e1d8d506e21aa
SHA1: 4296742cad27bdbed286f1df84c0f162ba216237
SHA256: f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d
SHA512: b99d1fe2e395e0cff1e7897858fd0379be1671da2371cf8f421e22a69e5381aa5f32eb738e8a9ee53da2a9d783c9573ea82e03798216ab0ed4a40d5499a2a454
SSDEEP: 12288:rqru80paIRPWxvFzhzFIkoAIcYrIAfDE0cb1Yklllll/lllll7K10QUNI0H:rs0IIFWx9zlFIkoADY8kcbHlllll/llH
Static task: static1
Behavioral task: behavioral1
Sample: 349b17e618164143782e1d8d506e21aa.dll
Resource: win7-20231129-en
Malware Config
Extracted
gozi
8877
outlook.com
xaaorunokee.site
taaorunokee.site
base_path: /hreeen/
build: 250212
dga_season: 10
exe_type: loader
extension: .lof
server_id: 12
Targets
Target: 349b17e618164143782e1d8d506e21aa
Blocklisted process makes network request