General
-
Target
c7681c22d523006d9c3add3fa41a153b
-
Size
483KB
-
Sample
240314-cjqpqsfh8y
-
MD5
c7681c22d523006d9c3add3fa41a153b
-
SHA1
628c15be81b6fc96eaabfdebecac2548699a295c
-
SHA256
f565b0130f788c545bc043de75979acc5265ddf4d5601d1b356c8303fdc9a684
-
SHA512
5f3822aca29be6f7d6d822dfceadc758444b609d47c56b75803d97f7db0170808b3e5ee659412fc7c80c26f02a8465bfffa3313fa425b2a607612aefa507d65b
-
SSDEEP
12288:Lm/ldWpPJexHnEWhaYqlq7ewBOvo4IWYyic2IL/Vi:Lm/2pIxHnEB9Q7e4JjWZfL/E
Behavioral task
behavioral1
Sample
c7681c22d523006d9c3add3fa41a153b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c7681c22d523006d9c3add3fa41a153b.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
gozi
Targets
-
-
Target
c7681c22d523006d9c3add3fa41a153b
-
Score
7/10
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-