General
- Target: disk.exe
- Size: 11KB
- Sample: 240309-2mwgtsdd3v
- MD5: edac8e253d37344d0998d9c1c32fee3f
- SHA1: f068cf22c92446ec0c37d682ef445f3bec1fc67b
- SHA256: ec5b3436eaa876208ad7931b3b3aaa14cfd91c17063542272909edadd711e454
- SHA512: e01d8a9bea1e00e4a0b43dbe7871605bce835f60eff60e3996b8735b7f16526aba8f4b3212882526fa62598997236237735c0324f6da4bb59900baf2ef738136
- SSDEEP: 192:5C8JjNo/NoD33npGQPF2yd4AzbwV/zykPvbVj40w8oJ:5CONoloDnEQPF24zbw1r93o

Static task: static1

Malware Config
- Extracted: gozi
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.