General
-
Target
41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6
-
Size
223KB
-
Sample
220201-a5dwysehb6
-
MD5
9e46c465b536cde41ba37d91150f3932
-
SHA1
7c8c2e9150d63be0c7c2bbb07eb1cb3fb667d91e
-
SHA256
41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6
-
SHA512
04f94a5103c543091b052aebd89e22cd0a46fe3ddcd1abe8748eb465eba08845eb10f069aeec3e748041f8f62add0cfccc66196840aaaf8429466447b60595dc
Behavioral task
behavioral1
Sample
41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
41ff7a77daa0cdcb6e0d2c3c9c2e1e217ed5f291660837940f77965d59b06aa6.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
gozi_ifsb
2002
-
base_path
/images/
-
dga_season
10
-
dns_servers
107.174.86.134
107.175.127.22
-
exe_type
worker
-
extension
.avi
-
server_id
12
Targets
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-