General
Target: 6.tar
Size: 701KB
Sample: 211011-m8k6nahabk
MD5: 0a5f8dedebf1adf5f61bf39c6dd9fff6
SHA1: f746bdac4d61b58f8085cbe4549a9b11df9ee515
SHA256: e5491aa2958a837b01b8dd0d1942a6a8ec2755abbd4c9574afdc1afdabdfeb38
SHA512: 5fac0d65f377459193603c169b589f06c23df52ecf1d9429313a8781f5cf6804d98dd7929a2cfe467e777983e260de91fe3c746acdb0a8665d160ee2a6d94665
Static task: static1
Behavioral task: behavioral1
Sample: 6.tar.dll
Resource: win7-en-20210920
Malware Config
Extracted
gozi_ifsb
8899
build: 260212
dga_season: 10
exe_type: loader
server_id: 12
Targets
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-