General
Target: 80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
Size: 273KB
Sample: 211021-lntfvsahfn
MD5: 54cd7479c93e54ce8c9784b8b1a0392b
SHA1: c3e15e023c4ae835789b82befbe328ae137417ea
SHA256: 80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
SHA512: cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb
Static task
static1
Malware Config
Extracted
gozi_ifsb
10003
127.0.0.1
build: 214711
dga_base_url: z1.zedo.com/robots.txt
dga_crc: 0xf24ca29e
exe_type: worker
server_id: 12
Targets
Target: 80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
Size: 273KB
MD5: 54cd7479c93e54ce8c9784b8b1a0392b
SHA1: c3e15e023c4ae835789b82befbe328ae137417ea
SHA256: 80e3a54e37f5e83b8bdab98b2ca765baaecb72c303fe44bc85ab85e7ece76764
SHA512: cea67d7c1094b107a83c607196d9d4d16e0d7d6b7e5cdaa81d83e52422a9194203680d65b44c106c46a8e47dc6251fe292930e9fcc8b757b7d5242383286afbb
Executes dropped EXE
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext