General
- Target: Vision.exe
- Size: 11KB
- Sample: 240419-n99q3sbc39
- MD5: 03a313f879acc846733dda7dab474e59
- SHA1: 62a37965dce30437a5ee2407b07750dea10b5b44
- SHA256: b4e3d2a90d6dae3782ffabc8fdd040cf5c5861611a5530147b95a51cae13e04d
- SHA512: 4e8966ea4736987f5d145202759eb3c00c00c64ad2e04f056f6131fcde4cc45221ac19d26cbd7205d9887a5b41bd2bb78c588591badb03ebafd6e2b7f4d45d20
- SSDEEP: 192:5q8J3KyvA4KprKGa5KSKEYsahWQk8C8IGYBezZN6JF9v0DBP66sKxTJJ0:5qkKyI4urK5KEY3jCbBqnI9vE7VxTJJ
Static task: static1
Behavioral task: behavioral1
Sample: Vision.exe
Resource: win7-20240221-en
Malware Config
Extracted
gozi
Targets
- Target: Vision.exe
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.