General
Target: preperation.exe
Size: 12KB
Sample: 240301-ac4xnsgc2s
MD5: b76a50c52e965f75d0600dca2f973575
SHA1: 267c6183eb27325fbf724e6f41252f5c05251c8e
SHA256: 7f710c8c20d1de56c385f2216ca2015e536884fde5658d7e820a4e21b6ea0fa8
SHA512: fcf5e61e896ad6338d6114ef7f67880ccca9a22a9830840a4ddb98eb6ab734ef21af01eee1bcab5c527498602ccf2b366d1e3b8d021f9083b10e0d1643964a35
SSDEEP: 192:8ZF9I7HfMmej2H5VyrYNilz1rKG3vbouzS8e8JwhA:8Z87/MoHnyVEGTvOs
Static task: static1
Malware Config
Extracted: gozi
Targets
Target: preperation.exe
Size: 12KB
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger