General
-
Target
pw6564234
-
Size
563KB
-
Sample
210312-w4twsfdkha
-
MD5
477145fc6dad603f4e3b2218c619b529
-
SHA1
4ee92a74b0aecfbaa9befa1ace01472c8afdeef3
-
SHA256
0700fa851908bcd508385b8a6d90ff529ad91183256b18352812013d282ceb80
-
SHA512
7c0e7149adaf6c2d0284cc83b6f7e8117d4a3cfcfcc5a1a31b88da2a74aefdb536bd3537185643ecc8037ca144a276bef4d65360d692f7d00b42504063cde55f
Static task
static1
Behavioral task
behavioral1
Sample
pw6564234.dll
Resource
win7v20201028
Malware Config
Extracted
gozi_ifsb
5500
-
build
250177
-
dga_season
10
-
exe_type
loader
-
server_id
12
Targets
-
Suspicious use of SetThreadContext
-