General
-
Target
a17de50fcd71c572f423c943f926c2a9
-
Size
504KB
-
Sample
240224-k8g3wsfe63
-
MD5
a17de50fcd71c572f423c943f926c2a9
-
SHA1
bd34e4d57bfc1938ebc93d8f404dbe7e019db0cf
-
SHA256
e4a5317a1b7c1ab91bb131dba5fea06fdb89e38c291e17f71b5c1634cfddecbe
-
SHA512
4fb4b5c2af8e3199d2ad51f67739da48f8363f7a5b7446dd496d8b58c90d1949bc49e841ff48baf99da92a88cddf22258bf48217bfbe889bdd9ad8b0c9257199
-
SSDEEP
12288:B7wAjlh98sQ73RBgy6aqGT8jSXxhYb/iWVEJ10mVSV/+K/BCz7uW:B7wAQsQ735TYb/qhVSk3
Static task
static1
Behavioral task
behavioral1
Sample
a17de50fcd71c572f423c943f926c2a9.dll
Resource
win7-20240221-en
Malware Config
Extracted
gozi
8877
outlook.com
xaaorunokee.site
taaorunokee.site
-
base_path
/hreeen/
-
build
250212
-
dga_season
10
-
exe_type
loader
-
extension
.lof
-
server_id
12
Targets
-
-
Target
a17de50fcd71c572f423c943f926c2a9
-
Blocklisted process makes network request
-