General
-
Target
2d73219fe2a30d385d1c42e695d26d513f7ea708d833cc4f045ec204796b5f8a
-
Size
222KB
-
Sample
220201-a6gn8sehd6
-
MD5
02122010b050f9047e1a3220c4627d7e
-
SHA1
f591f87c56fcc34798ab637064bd25121099673a
-
SHA256
2d73219fe2a30d385d1c42e695d26d513f7ea708d833cc4f045ec204796b5f8a
-
SHA512
9c8b855e721da9059b9d0b5c1a75fbdb985cdcc716d49d281ef4e5e480c2a8359575c069fe913487f41ad1f82fb09819072b6768e10e708088c0fd4585e32feb
Behavioral task
behavioral1
Sample
2d73219fe2a30d385d1c42e695d26d513f7ea708d833cc4f045ec204796b5f8a.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2d73219fe2a30d385d1c42e695d26d513f7ea708d833cc4f045ec204796b5f8a.dll
Resource
win10v2004-en-20220112
Malware Config
Extracted
gozi_ifsb
8877
microsoft.com/blog
195.123.213.53
185.186.244.85
185.186.246.32
dsakdjehrjwekrew.website
dasdfrjnkrnfjkwerrwe.website
-
base_path
/images/
-
dga_season
10
-
dns_servers
107.174.86.134
107.175.127.22
-
exe_type
worker
-
extension
.avi
-
server_id
12
Targets
-
-
Target
2d73219fe2a30d385d1c42e695d26d513f7ea708d833cc4f045ec204796b5f8a
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-