General
Target: Seroxen.exe
Size: 12KB
Sample: 240426-3z77tsef99
MD5: 8208ea3955533b799b0f5f65db02df8a
SHA1: 8829745dd294bb94d1dc39266cb2b8c2457b00cd
SHA256: 0663f1114eca93d267e0ae9ddbaacf05974d77c0fa95efdf22f23ecbdf8e38cb
SHA512: f9d17761a044ec89490c7727a4cd365f950dd4e5f56762363ea8441fed2a6552036aafc8804fdddf87488148d2e94052e8f94c11dcc36e77d8d047baaf97448a
SSDEEP: 192:+3s2rvMWWwghZv1Bsl0csO9qqjKw65dKUmP+eBQ8JG0x/kPo:as27M/zhZNyWjO9H65dDmPVQKdkw
Static task: static1
Behavioral task: behavioral1
  Sample: Seroxen.exe
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: Seroxen.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: Seroxen.exe
  Resource: win11-20240419-en

Malware Config
Extracted: gozi
Targets
Target: Seroxen.exe
Size: 12KB
MD5: 8208ea3955533b799b0f5f65db02df8a
SHA1: 8829745dd294bb94d1dc39266cb2b8c2457b00cd
SHA256: 0663f1114eca93d267e0ae9ddbaacf05974d77c0fa95efdf22f23ecbdf8e38cb
SHA512: f9d17761a044ec89490c7727a4cd365f950dd4e5f56762363ea8441fed2a6552036aafc8804fdddf87488148d2e94052e8f94c11dcc36e77d8d047baaf97448a
SSDEEP: 192:+3s2rvMWWwghZv1Bsl0csO9qqjKw65dKUmP+eBQ8JG0x/kPo:as27M/zhZNyWjO9H65dDmPVQKdkw

- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.