General
- Target: Test_build.zip
- Size: 8KB
- Sample: 240301-px14vagb3y
- MD5: a31444f186338abac1a3e29c4d054e56
- SHA1: 9a325e8dc7f74d48f6716be3acecd9ce52cd5258
- SHA256: e1344f0a42033fea7eb7b506a0cd33b74c6a83f86211da208c0c996d82546d9b
- SHA512: be7d6967bfbf80984d7de7896a8dd728c63daa1c0b77d529f46c3d5fd765b159c55a413100639fabeaca226456ff45a4cd47448740626064f393bb672420492b
- SSDEEP: 192:kwTdZMa0p+gQmtHZZRP+rqQJhN4cGelKApR6MDg2Rk9YkKAFc2:kwTJ0wgTZZRP+pJhN4pelKgHhuKAFc2
Static task
static1
Malware Config
Extracted
gozi
Targets
- Target: Test.exe
- Size: 11KB
- MD5: 5316f94f8fffd08c5310cb0f6846218d
- SHA1: 2f9638c6c3a4effe1c20607e8ebede6d02a4200a
- SHA256: f0ae556ffd859de70b76b7b78f115dd4088b401ccf65e68b19e701893ec3e540
- SHA512: 8e04564f2c654d5c7ae5626c7fe274c82353eec7214ee3a29eae09d14cfee8015a882fae5a05dc5dbeddde714ab9d577ad0279218ce115f705f219ffc6e8a632
- SSDEEP: 192:5S8JjCBhb3B0xo/+54+tl1PSLqe9psG0UmXwsq2WU81I6hhMH:5SOS5B0xp57lcLqeTsFX5q2WVW6g
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2