General
Target: FreeRobuxv1_build.zip
Size: 9KB
Sample: 240312-yel2mshf8y
MD5: 2e2d6a87221b1a165c7f42bc150205f2
SHA1: 9c2a38609bf03357e923e2276314d62ed08afc0e
SHA256: 973d738d0cf9a4f656813a19746da90253243730d94a3b7b520d1f7ad0d51b7d
SHA512: 2dd284f8a6afb58e62b9069adda57ab90db9cc58840c87bc6303066be90bbec88ef5d96bf188279c3212c926b4c3c0f6be684a07e4fad9bcb1979955b877f28d
SSDEEP: 192:1Ny9eN53ywSK9vFrCVG1lXBGSwB5IcOhYknCIFNWbVwE1MRW8JFaS4v9:T8MYw/qGfXXwBChnjgODJFa9
Static task: static1
Behavioral task: behavioral1
Sample: FreeRobuxv1.exe
Resource: win7-20231129-en
Malware Config
Extracted
gozi
Targets
Target: FreeRobuxv1.exe
Size: 12KB
MD5: b860036b6798a377033c3d6409935e91
SHA1: 1c5ce68e70409e386908b42d8c80c673a8e5745e
SHA256: 057b180354970eeecf9d506ab324aac433794567581cbc969e20b9d000bb64fc
SHA512: 084e47ac691e92098df131beba81762c8006910ec6528e66bb274babe0aa9bd78b0273fbab08aff5e842a12281f299c43f51527a70cf06e4cfac8976a254d85f
SSDEEP: 192:yXz4aPmoCP8ZWfiB0kE/Xx/Sl2DHnJfriSGUg8Jl0w:yXBO8ZWfiB0TXxKlk3GUgi5

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.