General
Target: mapper.exe
Size: 11KB
Sample: 240310-q3v1fsdg85
MD5: 8d7617283e5dbf574c18467011ee218c
SHA1: add0f9513b7055564ff74ce1b59dab7ee1606a97
SHA256: 27ac4656ed2ddbae711ea1fc0a4ec7277c65015166997304bf9ff53622f69fc5
SHA512: a11ce10889a024ef705b30f03f9fd815c198dc2153b02e4da825d5e53ab8de353fac9d941fc603c22a19ed3becb5055f55a4487c18775dca917126a7a98757ae
SSDEEP: 192:508Jq6z9SI1BtaU/IgmfggTMnzxqqKkhCKyvSi:50vmdmfggT2QhKyvS
Static task: static1
Malware Config
Extracted: gozi
Targets
Target: mapper.exe
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.