General
Target: 61b85f6868015.tiff
Size: 1.7MB
Sample: 211214-k498wafdh9
MD5: 84a5ac47cc293aecccee498ea2babf5a
SHA1: 7bf025a300cb8ec2dfdd431dc35726de2da87eba
SHA256: c22549f613c75598c303b06f21c96a93c3e9fa8599278564cacc1139f9bf1fbd
SHA512: 332a8a659a6ba97b1784eb42f385fe4fcc78362c35978b597bb2a74461c6d7b72f00c59acd5b3f7515203ab3dc2f50f078154d4a1920f547831f23267f242274
Static task: static1
Behavioral task: behavioral1
Sample: 61b85f6868015.tiff.dll
Resource: win7-en-20211208
Malware Config
Extracted
gozi_ifsb
8899
base_path: /tire/
build: 260222
dga_season: 10
exe_type: loader
extension: .eta
server_id: 12
Targets
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-