General
Target: cc89669a3ca75594456e91595e249f02e41a5b66d1f256a2281804c10ea13c23
Size: 42KB
Sample: 220201-k7crsacabj
MD5: 6eb6ef0ed1b8b345412f9545571042e2
SHA1: b9a1945c04610ae72265c5da6ccfe29ca1a4c52e
SHA256: cc89669a3ca75594456e91595e249f02e41a5b66d1f256a2281804c10ea13c23
SHA512: ca8757eac1449bae293b265c4d3aa14d996e3b0838c86fab330714c02d5da4b8cffb00d3ce3b9600db62c39c7e6dbf3dc099ba0f524a8f614330fb45c35ccee3
Behavioral task: behavioral1
Sample: cc89669a3ca75594456e91595e249f02e41a5b66d1f256a2281804c10ea13c23.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: cc89669a3ca75594456e91595e249f02e41a5b66d1f256a2281804c10ea13c23.dll
Resource: win10v2004-en-20220112
Malware Config
Extracted
gozi_ifsb
8877
outlook.com
xaaorunokee.site
taaorunokee.site
base_path: /hreeen/
build: 250212
dga_season: 10
exe_type: loader
extension: .lof
server_id: 12
Targets
Score: 10/10
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Sets service image path in registry