General
Target: injector.exe
Size: 12KB
Sample: 240601-x4brjadb69
MD5: ea74d941f3d9b92bd05de9ef96b5f6c5
SHA1: e912ddd0828cbef8ff6555818fabf06e235d08f5
SHA256: fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0
SHA512: 11cdb3412abb0acfc3598f89741691094147bd421d0f4fd21cc66bff3797e40e9ff0c8f913821b898759d67e852584fb868e705c4fa217618589f8078b2a3213
SSDEEP: 192:61Cs6L8OVuRWCfIvzYknpp4r0xv0iSe8GA7HaN+Xdzl4PFUZ8izxH8J+IBy:dsOxCfIvzFB5XE6OzlakrtHqo
Static task: static1
Behavioral task: behavioral1
Sample: injector.exe
Resource: win7-20240508-en
Malware Config
Extracted
gozi
Targets
Target: injector.exe
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.