General
- Target: Setup.zip
- Size: 9KB
- Sample: 240420-c5lynsfb8v
- MD5: 5b51ab92abd34b7f9859f0a50b6537d2
- SHA1: 668c7fa311e4fb5e294460884476b9a1db37e0c8
- SHA256: 96bc9cad0f24664a12810038dc85ca883bb9c1a4b282e9eeaa730a018b94103b
- SHA512: f0d6f7f212b5b3e89b569c8101a0d7d48a5c0cd1d0e6a7b6752ef4203f7179d1bc326dfbe1777d3005e5a09cf434c664305f616a890f05708554c1c667a5b550
- SSDEEP: 192:TesLPM91YbmFH5CycaWU/57tvQSFEYRD2Vgs2lpzDdloMtwKC:TlU9SbmFM7m5pjRDKclp3duMbC
Static task
- static1

Behavioral task
- behavioral1
- Sample: Setup.exe
- Resource: win7-20240221-en

Malware Config
- Extracted: gozi
Targets
- Target: Setup.exe
- Size: 11KB
- MD5: 26574a0cf8a8f4b3912efbf5bbb809b3
- SHA1: 14890aa8c08effa19e121a7941fb16538f95f5c5
- SHA256: ef8512e3a592b4043a515dd93d3b8f548c907b870b5ba43136bf94751551a2a2
- SHA512: 543037d781276fd1e4a9e09ca1151ee13a4fbff51a86a209a2482550ab2d827644fbb715b12d478f60b1ec018f9e91c752db2570c1a7ac8d45c8708dfa885ef3
- SSDEEP: 192:5+8Jt+kf2fccv4yUwBqVKCdRMrm3xRYsQbp2eUHD:5+Lk+fyZYk5MrmBRYHbp2eUH
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.