General
Target: #Gozi
Size: 1.2MB
Sample: 211005-lrm39ahhcn
MD5: fe127f07c086ee240c4699ae97b23672
SHA1: 980b76c3bb9f12c2033897c9e432c3f0f4d3db31
SHA256: 2f4d76314a00fb7a8047fcdd3ee26c39d2a550cde356d35ae517631392a66e8a
SHA512: 4442d5342ea200a05fbc95f5281fdda7aacfad7c22665c8f10d0c81db0fd6009344a77c708bfca129026037b8985772682e439a2325bc55cf46e9b4e89b51381
Static task: static1
Behavioral task: behavioral1
Sample: #Gozi.dll
Resource: win7-en-20210920
Malware Config
Extracted: gozi_ifsb
8899
msn.com/login
vloderuniok.website
gloderuniok.website
build: 260212
dga_season: 10
exe_type: loader
server_id: 12
Targets
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Blocklisted process makes network request