General
Target: updater.exe
Size: 12KB
Sample: 240312-za3dhaad6y
MD5: 37b8c8f0ee4d6ccc3be91becda803c53
SHA1: 4c7f461c5935b50b6d8412fc2dda9d361031c3ba
SHA256: 4f953cb2b47a8cd44c077c80e145fe59161815bda879984e321629a2fc0c87fa
SHA512: f5f7e0c81ea2f24338bb262b359233df6ba906195c14a13415c2d306545aa90fedce51ccfa2ac9357cbb96afe818988709511b25ef2cbaac32357ab41b130408
SSDEEP: 192:cPrhGoPHBgbhQ+Z06EwOmPNGfVslg1tYHFUs8JYT:cP8oJWW16omlGtMg1uldh
Static task: static1
Malware Config: extracted, family gozi
Targets
Target: updater.exe
Size: 12KB
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
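The three host-side signatures above (locale lookup, execution of a dropped EXE, loading of a dropped DLL) can be re-derived from a process-monitor trace. The script below is an added example, not the sandbox's own signature code and not part of this report; the Procmon-style CSV trace, the PIDs, file names and paths in it are constructed for the example, and the registry values it treats as "computer location settings" (HKCU\Control Panel\International\Geo\Nation, LocaleName, and the Nls\Language InstallLanguage value) are an assumption about what the sandbox matched, since the report does not say which key the sample read. The network signature (abuse of legitimate hosting services) needs a URL or DNS trace and is not covered here.

```python
"""Added example (not part of the sandbox report): re-derive three of the
report's behavioural signatures from process-monitor style events.

Assumptions: the CSV event lines are constructed for this example (the
report publishes no trace); the registry keys treated as "computer
location settings" are common Windows locale/geo keys and are an
assumption about what the sandbox's signature actually matched.
"""
import csv
import io
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Registry values commonly read to learn the configured country/locale.
# ASSUMPTION: the page does not state which key the sandbox keyed on.
LOCALE_KEY_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|LocaleName|Locale)$"
    r"|\\Control\\Nls\\Language\\InstallLanguage$",
    re.IGNORECASE,
)

# Constructed Procmon-style trace: time,process,pid,operation,path,result.
# Every path, PID and file name here is made up for the example.
SAMPLE_EVENTS = r"""10:00:01.100,updater.exe,1234,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
10:00:01.120,updater.exe,1234,RegQueryValue,HKCU\Control Panel\International\LocaleName,SUCCESS
10:00:02.000,updater.exe,1234,WriteFile,C:\Users\victim\AppData\Local\Temp\svc.exe,SUCCESS
10:00:02.050,updater.exe,1234,WriteFile,C:\Users\victim\AppData\Local\Temp\helper.dll,SUCCESS
10:00:02.300,updater.exe,1234,Process Create,C:\Users\victim\AppData\Local\Temp\svc.exe,SUCCESS
10:00:02.400,svc.exe,1400,Load Image,C:\Users\victim\AppData\Local\Temp\helper.dll,SUCCESS
10:00:02.500,svc.exe,1400,Load Image,C:\Windows\System32\kernel32.dll,SUCCESS
10:00:03.000,explorer.exe,900,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
"""


def triage(events_csv: str, root_image: str = "updater.exe") -> dict:
    """Return {signature name: [evidence, ...]} for root_image and its children.

    Only processes descended from root_image are scored, so the unrelated
    explorer.exe locale read in the trace does not produce a hit: the
    registry lookup alone is common benign behaviour and only becomes a
    signal when scoped to the sample's process tree.
    """
    tracked = {root_image.lower()}      # image names of the sample and its children
    dropped = set()                     # lower-cased paths written by the tracked set
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(events_csv)):
        if len(row) != 6:
            continue                    # blank or malformed line
        _ts, proc, pid, op, path, result = row
        if proc.lower() not in tracked or result != "SUCCESS":
            continue
        key = path.lower()
        evidence = f"{proc}({pid}) {op} {path}"
        if op == "WriteFile":
            dropped.add(key)            # any file the sample writes is a candidate drop
        elif op == "Process Create":
            tracked.add(PureWindowsPath(path).name.lower())   # follow the child process
            if key in dropped:
                hits["Executes dropped EXE"].append(evidence)
        elif op == "Load Image" and key in dropped:
            hits["Loads dropped DLL"].append(evidence)
        elif op == "RegQueryValue" and LOCALE_KEY_RE.search(path):
            hits["Checks computer location settings"].append(evidence)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in triage(SAMPLE_EVENTS).items():
        print(name)
        for line in lines:
            print("   ", line)
```

Children are followed by image name rather than by parent PID because the constructed trace, like a plain Procmon CSV export, does not carry the parent PID on the Process Create line; on a real trace with PID/PPID columns, key the tracked set on PIDs instead so a same-named benign process is not swept in.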