General
Target: spoofer_FUD_no_rat_ud_methode.exe
Size: 12KB
Sample: 240303-db99vabg9x
MD5: bdcee724628c5c04f401b26429a06b08
SHA1: 319702d9ebaa92c2f75277c3307898a2043b2425
SHA256: dff6882f7fe9414df2dbc785e62bfd701946ab80fe2bcd3942b914fd5c2b31b4
SHA512: 769d5ebdf8683a35a5960dfb5b1a9347e999c4d93e1f8581a9b0a58750af3304c96be6af50e455c11a185f54fd3d03f7346d6afc01cadf39f42f4534a650dfc2
SSDEEP: 192:mOldg+izUB5pEDoXEDbsshvYGV9FboyfdWbpGhBy8JgW9:mdxMXXEbJhv9Roy5ks
Static task
static1
Malware Config
Extracted
gozi
Targets
Target: spoofer_FUD_no_rat_ud_methode.exe
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2