General
Target: errorfix.exe
Size: 12KB
Sample: 240417-ewnr1sfa2s
MD5: 3c3cc0c77044bb9cdf1f814b23d4fe7e
SHA1: 152bd8706be97bcc3987d7886d50270b3d292f8d
SHA256: 07cdceeaaf48e8de3d2ff47cb9c61172c4985f38a40f32d906cf0ba69114eb98
SHA512: 7ebf5df813334cb7b94e709143de32b51da29a8a04528d174d539a5636c8fb1c3259d304bd42a4ef6eeba7cef6362e604ba525892add97a766fd9349b4bb3a84
SSDEEP: 192:NbzEBc1tP9qOuC0ij8GWVDjbgtqtp7NiznbMWJ+eoKJ8Jz5j:NbGc11cOPmHbgtqtAb5+1OC
Static task: static1
Behavioral task: behavioral1
Sample: errorfix.exe
Resource: win7-20240221-en
Malware Config
Extracted: gozi
Targets
-
-
Target: errorfix.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-