General
Target: 5dcb54ca7fb41c64c898b10db8a2752ea661d9334f5b41086767a928da73f5b5
Size: 236KB
Sample: 220201-a35lwsecel
MD5: abe0a4505d373e42bb373d64de450b53
SHA1: 392d5333cbbe712d6fc634c3f88d780b83c639b5
SHA256: 5dcb54ca7fb41c64c898b10db8a2752ea661d9334f5b41086767a928da73f5b5
SHA512: eb10a7f175d177366d02ded648e66f6e944a2836150a3847e8dc3d7df02b07d6c623dec0d8978a99bd226158e303821c02c5e41b228c153d84e6530d20ff683c
Behavioral task: behavioral1
Sample: 5dcb54ca7fb41c64c898b10db8a2752ea661d9334f5b41086767a928da73f5b5.dll
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 5dcb54ca7fb41c64c898b10db8a2752ea661d9334f5b41086767a928da73f5b5.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted: gozi_ifsb
8877
microsoft.com/blog
195.123.213.53
185.186.244.85
185.186.246.32
dsakdjehrjwekrew.website
dasdfrjnkrnfjkwerrwe.website
base_path: /images/
dga_season: 10
dns_servers: 107.174.86.134, 107.175.127.22
exe_type: worker
extension: .avi
server_id: 12
Targets
Target: 5dcb54ca7fb41c64c898b10db8a2752ea661d9334f5b41086767a928da73f5b5 (size and hashes as listed under General)
Score: 10/10
Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry