General
Target: updater.exe
Size: 11KB
Sample: 240601-z585jafc2t
MD5: c12f497b375cd6c00b79767118af3d64
SHA1: df324df4328fa86ae0e7d7bb4f8ee73a224e9f96
SHA256: b31e91aa44393ac28366e2dbe207d4836f3e7c4b6e2a972f15fd619bd20c39ee
SHA512: 649a284cc3ed982a686d785890633771e6e3a3cae09d8289938fc16be312fe0c699dc7ea24433b28327b8c3ed2e85a7430d75ab27516ac983eb3e5e9acab2b97
SSDEEP: 192:5XYC8JnnVGge8BHm5J4X/5WcfLGp2pab3OwhQJZ0:5XYCy48BcJ4XRjfLdaLOH7
Static task: static1

Malware Config
Extracted: gozi
Targets
Target: updater.exe (11KB; hashes as listed under General)
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
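Before spending analysis time on a file believed to be this sample, confirm it is byte-for-byte the object the report describes. The script below is an added example written for this page, not part of the sandbox report or of the sample itself: it recomputes the four cryptographic digests listed above, compares them case-insensitively with the reported values, and names every algorithm that disagrees. SSDEEP is deliberately left out because it needs a third-party fuzzy-hashing library; the sample file path is a placeholder you supply on the command line.

```python
import hashlib
import sys
from typing import Dict, List

# Digests copied from the sandbox report for updater.exe (11KB).
REPORTED: Dict[str, str] = {
    "md5": "c12f497b375cd6c00b79767118af3d64",
    "sha1": "df324df4328fa86ae0e7d7bb4f8ee73a224e9f96",
    "sha256": "b31e91aa44393ac28366e2dbe207d4836f3e7c4b6e2a972f15fd619bd20c39ee",
    "sha512": (
        "649a284cc3ed982a686d785890633771e6e3a3cae09d8289938fc16be312fe0c"
        "699dc7ea24433b28327b8c3ed2e85a7430d75ab27516ac983eb3e5e9acab2b97"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of an in-memory blob for every reported algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once so large samples are read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names of algorithms whose digests differ; an empty list means every reported digest matches.

    Comparison is case-insensitive because reports and tooling mix upper- and lower-case hex.
    Algorithms missing from `actual` are skipped rather than reported, so a partial report
    (e.g. SHA256 only) can still be checked.
    """
    return [
        name
        for name, value in expected.items()
        if name in actual and actual[name].lower() != value.lower()
    ]


def verify_sample(path: str, expected: Dict[str, str] = REPORTED) -> bool:
    """Print a per-algorithm verdict for the file at `path` and return True only on a full match."""
    actual = hash_file(path)
    bad = mismatches(actual, expected)
    for name in expected:
        status = "MISMATCH" if name in bad else "ok"
        print(f"{name:7s} {actual[name]}  {status}")
    return not bad


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/updater.exe  (path is a placeholder)
    sys.exit(0 if verify_sample(sys.argv[1]) else 1)
```

A non-empty mismatch list does not by itself mean you have a benign file: a repacked or patched Gozi loader will fail every digest while still being the same family. It only tells you that conclusions drawn from this report cannot be transferred to the file in hand without re-analysing it.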