General
Target: gen_build.zip
Size: 8KB
Sample: 240311-wmp26aaa7t
MD5: 41f614f1f978c645982238f03983d251
SHA1: dfd8e4f3d3d934de01e423b3f0393aeb4ebd81c7
SHA256: 550f5faa4bdd6e5e435a19b6d77af1eace8750c5a9372d71f390454a949215f0
SHA512: f27d0869c705e5469e0226a22511ee71847367b6eba672208b47111e247c606e1f19d95bc85c496ab919d14f7d89f97947505937fd6dee693e7065fe94ba3b7d
SSDEEP: 192:463e4x6I4YpoaB6dKe+Cfqn+nNN/e/e290nF6KQK:40e4x6UoLdKVFce2290FhQK
Static task: static1

Malware Config
Extracted: gozi
Targets
Target: gen.exe
Size: 11KB
MD5: 20d5e0346a1c60e73d2eb908e0e9a85f
SHA1: 4fc58d46bab4d6dd3c5b0ab9dc32ec919cd10d0a
SHA256: 0a6d713567f1e7e03058632a4a06fb658b44b1a5630353c705d0f9cbce221ed7
SHA512: c8342ea7b51311286aec1f6d83b338e495255def310b4e7cbd547f91d70bdc6265daa9d74198890f8fa005f3c653e98f026258401afe4edffcebc0dcb2ecfd50
SSDEEP: 192:5mC8Jjn0kGUCbaNRn+Nz7y7VIh5ULYELbl3pBxANi:5mCO055bKF+NPiVekjblLxg
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger