General
Target: RX7劫持远程控制.zip
Size: 14.1MB
Sample: 240629-m9c7fawenc
MD5: e4fdacf80aac030ca8c13921d58d9258
SHA1: 5bcc4c05171da69e9cfb647904e744269cbc197e
SHA256: 8eebed272994240553654294949b8390a7009fb3a3ca66dc071d87f64209d986
SHA512: 7fbe13097d6bc84d8d5c4020ac57e7ad4be5f702e741fe40e81dfcd39b02426dfad5d971e055a9facd4ef1dde2358f27868eb5e6302462b09164a2e998a47d1b
SSDEEP: 196608:p37i71DuF7IdEdCQty+9r5XwFvpXoC5bq6x/3AT1SUK+4gt7rMur2VmLxgW:pLixDwdCir5cpXrQK3Ax54aQhW
Static task: static1

Behavioral task: behavioral1
Sample: RX7??????/RX7??????.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: RX7??????/RX7??????.exe
Resource: win10-20240404-en

Behavioral task: behavioral3
Sample: RX7??????/RX7??????.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral4
Sample: RX7??????/RX7??????.exe
Resource: win11-20240419-en

Malware Config
Extracted: gozi
Targets

Target: RX7??????/RX7??????.exe
Size: 9.0MB
MD5: 9bb985a8d656695e7145b476f5843d9b
SHA1: 692349d245063578785f536eff53e74cb2ed3e8f
SHA256: 016c08c41d90c4824da1a0986cb76ff50fd529ad699b6fdb02ce2b9bcdcd7fa1
SHA512: 5ea151ae0e88a16e908e5fe5446248095e8aed337617b375dae00cbf01cd7c93153c37315bb20f6579b7a17e908e8f8873577e680a387dc54da535f6c3756430
SSDEEP: 98304:bhR4VT3Qs1nkoqshkmafkVsKys31+9KiugFWQJtbGkPQlrW5pDwffds7p8PLC4G/:dmVjTVkoNnekL3wDBP2yiW7LnM/kVa92

Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Blocklisted process makes network request
Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of SetThreadContext