General
- Target: direct.ps1
- Size: 264B
- Sample: 210728-wxgty84cv2
- MD5: bc63701022e39b52b73a21448e6b5973
- SHA1: 0195f5f6163eddc5676e357b8e76aa2fa5bf013e
- SHA256: 38cd03b944e9368f595347945a7a3a3fd657601578fbd74f5954875f0db15644
- SHA512: 529d35828dfd0b8b5c380b8d11cf91c1e55d4f55c274929372ff210352519d4b0792fbe67f453d3296e2d38a1e2cdf4070d85028034556d5009d943957884f3c
Static task: static1
Behavioral task: behavioral1
- Sample: direct.ps1
- Resource: win7v20210408
Malware Config
Extracted
- https://docs.zohopublic.eu/downloaddocument.do?docId=674ni1c6312a91d7149af89b6475ece38b9b3&docExtn=png
Extracted
- gozi_ifsb
- 7410
- signin.microsoft.com
- alliances.bar
- allianceline.bar
- alliancer.bar
- build: 250206
- dns_servers:
  - 107.174.86.134
  - 107.175.127.22
- exe_type: loader
- server_id: 12
Targets
- Target: direct.ps1
  - Size: 264B
  - MD5: bc63701022e39b52b73a21448e6b5973
  - SHA1: 0195f5f6163eddc5676e357b8e76aa2fa5bf013e
  - SHA256: 38cd03b944e9368f595347945a7a3a3fd657601578fbd74f5954875f0db15644
  - SHA512: 529d35828dfd0b8b5c380b8d11cf91c1e55d4f55c274929372ff210352519d4b0792fbe67f453d3296e2d38a1e2cdf4070d85028034556d5009d943957884f3c
  - suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  - suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Loads dropped DLL