Analysis
max time kernel: 140s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2024 09:09
Static task: static1
Behavioral task: behavioral1
Sample: cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529.exe
Resource: win7-20240221-en
General
Target: cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529.exe
Size: 304KB
MD5: 9b6b559fa7c7bfddd6b6b98c4a297207
SHA1: 9c718b58377404c8d1c38d08bd5a91591d58f4da
SHA256: cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
SHA512: 0a8ccc2aec2999ce7622837885817b9fc7e316174af331d33da9e8f6a654f212fdc05fe467fe7543e25540b02cfe5fee651c578eb6be9141571c9b110fd17f86
SSDEEP: 6144:LtxDF4g+xZbJLrAR1bd3HozgsFrfsTZsy64x1V9ukYwTYQeB:JxDeg+9coHsTSy6Suvexe
Malware Config
Extracted: gozi
1001
exe_type: worker
server_id: 12
Processes
"C:\Users\Admin\AppData\Local\Temp\cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529.exe"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4672,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8