General
Target: 706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af
Size: 260KB
Sample: 220201-a3a3aaecdm
MD5: 180399358e2f9e3d55e85781888507a8
SHA1: 3a9b010dea92c6e86a0932587786f2e5feb40f9d
SHA256: 706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af
SHA512: 076b0343200f8fc5e6b100a717a910f992c62b144e9d505dc58252c96296b803dfe64844f942c60f05ae37ce2ccc2214013aac2218b0658e755a18a383da9aca
Behavioral tasks
behavioral1
Sample: 706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af.dll
Resource: win7-en-20211208
behavioral2
Sample: 706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af.dll
Resource: win10v2004-en-20220112
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 2200 (field label assumed; only the value survived extraction)
C2:
api3.lepini.at/api1
app.crasa.at/api1
g4xp7aanksu6qgci.onion/api1
g8.farihon.at/api1
hop.feen007.at/api1
l35sr5h5jl7xrh2q.onion/api1
ram.unici.at/api1
kol.frencko.at/api1
chat.pinole.at/api1
6buzj3jmnvrak4lh.onion/api1
c56.lepini.at/api1
cd1.novand.at/api1
wert.paratim.at/api1
build: 250180
exe_type: worker
server_id: 730
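The extracted config above is the part of this report a responder actually hunts with: thirteen C2 hosts that all share the URI path /api1, three of them Tor hidden services, plus the sample hashes. The following is an added example, not part of the Triage report or of any Gozi tooling: it parses the C2 list as printed on the page, matches proxy log lines against both the exact hostnames and the registered clearnet domains (so a sibling subdomain of, say, lepini.at is still caught), and checks a file inventory for the sample's SHA256. The proxy log format, the log lines and the file inventory are constructed for illustration; the indicator values are copied from the page.

```python
"""Hunt with the IOCs from this report: the extracted gozi_ifsb C2 list and
the sample hash. Added example, not part of the Triage report. Indicator
values are copied from the page; the proxy log lines and file inventory
below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# C2 entries as listed on the page (scheme-less host/path).
C2_ENTRIES = [
    "api3.lepini.at/api1",
    "app.crasa.at/api1",
    "g4xp7aanksu6qgci.onion/api1",
    "g8.farihon.at/api1",
    "hop.feen007.at/api1",
    "l35sr5h5jl7xrh2q.onion/api1",
    "ram.unici.at/api1",
    "kol.frencko.at/api1",
    "chat.pinole.at/api1",
    "6buzj3jmnvrak4lh.onion/api1",
    "c56.lepini.at/api1",
    "cd1.novand.at/api1",
    "wert.paratim.at/api1",
]

# SHA256 of the analysed DLL, from the page.
SAMPLE_SHA256 = "706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af"


def parse_c2(entry):
    """Split a scheme-less 'host/path' entry into (host, path, is_onion).
    The '//' prefix makes urlsplit treat the first component as the netloc."""
    parts = urlsplit("//" + entry.strip())
    host = (parts.hostname or "").lower()
    return host, parts.path or "/", host.endswith(".onion")


def c2_hosts():
    """Exact C2 hostnames (clearnet and .onion)."""
    return {parse_c2(e)[0] for e in C2_ENTRIES}


def registered_domains():
    """Registered domains of the clearnet C2 hosts, so other subdomains of the
    same actor-controlled domain are caught too. Naive last-two-labels
    heuristic (no public suffix list): fine for the .at domains here, wrong
    for e.g. .co.uk. .onion addresses are skipped; each one is its own service."""
    out = set()
    for host, _path, is_onion in map(parse_c2, C2_ENTRIES):
        if not is_onion:
            out.add(".".join(host.split(".")[-2:]))
    return out


# Constructed proxy log (assumed format: timestamp client method url status).
SAMPLE_PROXY_LOG = """\
2022-02-01T10:00:01Z 10.0.0.5 GET http://www.example.com/index.html 200
2022-02-01T10:00:07Z 10.0.0.5 POST http://ram.unici.at/api1 200
2022-02-01T10:00:09Z 10.0.0.7 GET http://cdn.example.net/lib.js 304
2022-02-01T10:01:15Z 10.0.0.9 POST http://g4xp7aanksu6qgci.onion/api1 200
2022-02-01T10:02:00Z 10.0.0.5 GET http://lepini.at/ 200
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def scan_proxy_log(text):
    """Return (client, host, kind) for each request to a C2 host. kind is
    'exact' for a configured hostname and 'domain' for another host under one
    of the clearnet C2 domains. A .onion host cannot resolve through ordinary
    DNS, so a hit there points to a Tor client or Tor-aware proxy on the path."""
    exact, domains = c2_hosts(), registered_domains()
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = (urlsplit(m["url"]).hostname or "").lower()
        if host in exact:
            hits.append((m["client"], host, "exact"))
        elif ".".join(host.split(".")[-2:]) in domains:
            hits.append((m["client"], host, "domain"))
    return hits


# Constructed file inventory: path -> SHA256 (the first hash is a dummy).
SAMPLE_INVENTORY = {
    r"C:\Windows\System32\kernel32.dll": "00" * 32,
    r"C:\Users\Public\Libraries\update.dll": SAMPLE_SHA256.upper(),
}


def match_sample_hash(inventory):
    """Paths in inventory whose SHA256 equals the sample's (case-insensitive)."""
    return sorted(p for p, h in inventory.items() if h.lower() == SAMPLE_SHA256)


if __name__ == "__main__":
    for client, host, kind in scan_proxy_log(SAMPLE_PROXY_LOG):
        tor = ", via Tor" if host.endswith(".onion") else ""
        print(f"{client} -> {host} ({kind}{tor})")
    print("files matching sample hash:", match_sample_hash(SAMPLE_INVENTORY))
```

The 'domain' tier is deliberately separate from 'exact' so it can be triaged at lower confidence: the config proves the listed hostnames are C2, while other names under the same domain are only likely to be. The shared /api1 path that parse_c2 exposes is a further pivot for hunting hosts not in this config, but on its own it is too generic to alert on.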
Targets
Target: 706fe556dda1a54720c9229c9da70c676b877f2e891c5baa9575bb49286f01af (260KB; MD5, SHA1 and SHA512 as listed under General)
Score: 10/10
Signatures:
Suspicious use of NtCreateProcessExOtherParentProcess
Sets service image path in registry
The second signature is a persistence indicator: on an infected host, check the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services for entries that point at the dropped DLL or its loader.