General
Target: thegreatestexploit.exe
Size: 11KB
Sample: 240602-m1636abg89
MD5: b255f2988558b9dbc3cc5a9814803364
SHA1: 6cab200559f340364b3a3cea3cf321e7d32cec97
SHA256: f2a05b8bcb63042b9af36a0aa52bca8ae9de5664edc6bb1a46499ab9516e4ae5
SHA512: 5bcf60d73069c15087cce591b4f3bf125b3649528758068859c6ef510b811c336962afdc20ee29a805a90fd7eff98ae7b97062035666144ae0e78d19796773d3
SSDEEP: 192:598Jf9mV2Xm51Mpa0kGea0ICntHvl7QYrm/sxn8Ft1eSwcU1r:59AoMpauL0/vhQYKUxsjJd8
Static task: static1
Behavioral task: behavioral1
Sample: thegreatestexploit.exe
Resource: win7-20240215-en
Malware Config
Extracted
gozi
Targets
Target: thegreatestexploit.exe
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.