General
- Target: DATA DPR.exe
- Size: 920KB
- Sample: 240529-r34g9shf4t
- MD5: a94f55d81f838e77fa3e5187c72e0f95
- SHA1: 72ab38cf2aa50c7358a0faa6d077b91d0898d20d
- SHA256: f5e56a262514ad5036a1fbe91e3c9ebedf0d874e2d95a91cb7e9693f60d8d33e
- SHA512: 081f71a423a063fc566eba681a47c57bc2248fbcd20b451f6c9ac781c9d5061f89556a878b9559a1d0aa153d8b55610ab27b80ecbadc880eeb3b607d88fb1e8f
- SSDEEP: 24576:AMHDEzlk8VnuAibycLXe3tJACKnHMpxh:AUDEC8puAkW3tJAjnHO
Static task
- static1

Behavioral task
- behavioral1
  - Sample: DATA DPR.exe
  - Resource: win7-20231129-en
Malware Config
- Extracted: gozi
Targets
- Target: DATA DPR.exe
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.