General
-
Target
a3aa691bc97faf6f17eec0841b5ff730.dll
-
Size
1.0MB
-
Sample
210418-at7b49647s
-
MD5
a3aa691bc97faf6f17eec0841b5ff730
-
SHA1
9a642c22ebc19f4f8063b5ae986843916309b95a
-
SHA256
eb639e9d45ed4d4cf911195b7ef53d61897dd8f826c542ae411854ddec3aea87
-
SHA512
6664e24a698b1f7b392b8bcc1f64525b90ee0b6d63d4c86fd4f099888dcb1b90a6dde7986b406abdb3813941e1e7e9c35fe9268951996ff18aba0ae290ada939
Static task
static1
Behavioral task
behavioral1
Sample
a3aa691bc97faf6f17eec0841b5ff730.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a3aa691bc97faf6f17eec0841b5ff730.dll
Resource
win10v20210410
Malware Config
Extracted
gozi_ifsb
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://buismashallah.at
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
a3aa691bc97faf6f17eec0841b5ff730.dll
Score
10/10
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-