General
-
Target
23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
-
Size
222KB
-
Sample
220201-a6rt7sehd8
-
MD5
4cc0ab0723d94bf572c33ac7af89edba
-
SHA1
657f84c00323f99128856df23ea593d13addfbd5
-
SHA256
23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
-
SHA512
8fdb7055e2098fc7ae814921d7128c215bf803a0ec1beb51b4d8ce6982a14aacf405cd3d3ff206a9a9834686eea147ad5251f4adcee065cdb9b9808d76570be2
Behavioral task
behavioral1
Sample
23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
gozi_ifsb
8877
microsoft.com/blog
195.123.213.53
185.186.244.85
185.186.246.32
dsakdjehrjwekrew.website
dasdfrjnkrnfjkwerrwe.website
-
base_path
/images/
-
dga_season
10
-
dns_servers
107.174.86.134
107.175.127.22
-
exe_type
worker
-
extension
.avi
-
server_id
12
Targets
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-