General
- Target: byfronx_build2.3.zip
- Size: 9KB
- Sample: 240602-a9jb8sdb2v
- MD5: f06cddbdf537ca9327ba651ecf530449
- SHA1: 0fca44fa6ad62312be681a983539f88642b00c88
- SHA256: 5a6a889f9381e40f2e3334dc18f1e77a8ef5ed45d08fb9fe8510348b77cd3401
- SHA512: 1e4ed2afd66fee23c4c6a15a45da0eaa13386f9525ed2896884642fd608a801002cfa59cc33cc73b3b89dfe58c1f1aa74768a388dd95026bbb7e32cae45a2542
- SSDEEP: 192:7sh7AO+M+/CjukGKnnjY1rwkrgEnrYg+LrW3ZZ6zkue85Fkp+CA8EN2s6D:s7hmmuqn8I+uwZZ+O7JAtMVD
Static task: static1
Behavioral task: behavioral1
- Sample: byfronx.exe
- Resource: win7-20240508-en
Malware Config
Extracted: gozi
Targets
- Target: byfronx.exe
- Size: 11KB
- MD5: 4d1b12832ef20bf2acaa4e8f10664d0e
- SHA1: c8898fb62b2fc8dd5128ba6f4c4c750737496da7
- SHA256: 20af88559726e7022ef0531232bb25a9ec1a4c7fd45ea80ff5d414b9d8e16438
- SHA512: 23bd9d057e44890597d39a3d364985d75de25fb6c35791a8ec0beb365f677425ab162d86cbfa8bd10d6c8cfc87986efee1e04ac95d1bb675b9f1042cb64cb34e
- SSDEEP: 192:5D8JPEKHC+LcBheE5XDAf72k13QgtCz8/1W+GArT0I7TA0c:5DInHlUhxdDAz2axCz8/1sp
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.