General
-
Target
cf62b3fbc55c62a48a85a3d6b295b081.bin
-
Size
11KB
-
Sample
240305-d8qxgaed25
-
MD5
cf62b3fbc55c62a48a85a3d6b295b081
-
SHA1
8b8fd603fd5c6b0811ca8eff011a313b8d6c3a2c
-
SHA256
605552d2a7cbe2167ec7aabf803a67462a9b4f268e964bff4d01b2d45b22ac38
-
SHA512
77d566dda5ccb97d4de3c85bf010f5940ddc36adf187fbe787304687058e9f12a3a50cd3e500cb1b45e53d70f5df269ab33ae402bc1ebdccb9dcb1cc3898aa3b
-
SSDEEP
192:5eS8JZEU4afHwLcJMB5WR8Y4Z0YmezCjkdWmwKLOgwidJVJcLrdPUsuSvfo:5eSiEmHecuHkcZbDSXFgwmJ83vuSH
Static task
static1
Behavioral task
behavioral1
Sample
cf62b3fbc55c62a48a85a3d6b295b081.exe
Resource
win7-20240221-en
Malware Config
Extracted
gozi
Targets
-
-
Target
cf62b3fbc55c62a48a85a3d6b295b081.bin
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-