General
Target: devs_remade.zip
Size: 8KB
Sample: 240425-xsdfzsdf86
MD5: 834b49b90bec500281c3d7c3bb634be0
SHA1: 131e959c1e4a2a9b067642714062d7f19dce9e70
SHA256: 656cab1640e1a3ba7c0a09e1effb3088a3da0cdbba20c9a070e7645565ec29fa
SHA512: 733aeb27d55c362598222f4770467f9df7e00856419a295d77dc290498f7504948f25947e5d94fe2019092b89b433ff2e0e3c25a857f5a40566c8efa18914a82
SSDEEP: 192:i1+Am+IZfQQor6QH2S+fCeez0xDRYjvDyVT54VPv2:DAVIZYQorrWS+fCeeA1YjvDJ2
Static task: static1
Behavioral task: behavioral1
Sample: remade.exe
Resource: win7-20240221-en

Malware Config
Extracted: gozi
Targets
Target: remade.exe
Size: 12KB
MD5: d116fc8b3d62848f3c005985d0e18287
SHA1: ad449fcffb6d7756ed603fc48d384a2f7bf34809
SHA256: d026890ad03b278b0cff408b1ddb0775ff119d913f7699409ccb8d6ef627f0cb
SHA512: 2ddb1376fe0c14019764c0982fb833f1f1a6e7c86654685e72ab9a2400aa5ca2e534758e556004ea1f8ce2b1e96784f7224c8f21ffe26eb429f5945d88fa959e
SSDEEP: 192:/yEJFKaIkQeqIKbMZqdeMGq7sYFNSu6rYPjv8JaGn:/yORQeqjbMZqwMG2TSvEPDl0
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.