General
Target: 45d21facb7fc4c29e8c8c85019103b288dd033a6ed643a24560ae9dbd9077af5
Size: 260KB
Sample: 220201-a5brlaechl
MD5: 5fb5a9b0660aabcbd3519703f056a2d7
SHA1: d86b1a24ef7e83cf36329157c23be14f512f6605
SHA256: 45d21facb7fc4c29e8c8c85019103b288dd033a6ed643a24560ae9dbd9077af5
SHA512: 4347e7a034f6f48eed69df955f4e93506955c78950af40bad69a34de47f816ac4f1963f47864c4f4298d0587c9166b711b2d4c03ac3fe25b997023ba69955e9b
Behavioral task: behavioral1
Sample: 45d21facb7fc4c29e8c8c85019103b288dd033a6ed643a24560ae9dbd9077af5.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 45d21facb7fc4c29e8c8c85019103b288dd033a6ed643a24560ae9dbd9077af5.dll
Resource: win10v2004-en-20220112
Malware Config
Extracted
gozi_ifsb
2200
build: 250180
exe_type: worker
server_id: 730
Targets
Target: 45d21facb7fc4c29e8c8c85019103b288dd033a6ed643a24560ae9dbd9077af5
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Sets service image path in registry