General
Target: updater.exe
Size: 12KB
Sample: 240310-w7behaac2x
MD5: 90059cae17f089b18aabff2b911befda
SHA1: d1ba2e521124925669f9529c2a258402f58b20ee
SHA256: f94342f97c194dc2d475c4bb5cf4626d6f935b2e0208a61e0f655a5ca0c88f4c
SHA512: 2d65140c12a4ae559ff2e04bdb6e817933bce5ad151ae194231f2be1e33f69ecc014edcf159bd1162fbc66ee33ef641d5163e68c8e01f59bf05700b52c87ff9b
SSDEEP: 192:xYrE8+eKxaDytZvvH50gc5eqcE8tyvRu1ss8JGL:xY1+N+EZv/2grqRcEu1J5
Static task
static1
Malware Config
Extracted
gozi
Targets
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-