General
Target: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
Size: 64KB
Sample: 220201-krdn5sbfhq
MD5: f1bcffc87555b6bb90a44d4707ba1fdd
SHA1: 251db636e551e8bb274fc1bb4c2494ab57df3853
SHA256: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
SHA512: d0bf61a32bfccf9e332bd1c63e885eeab4d3b4f1c93dddcddcd353c6563b22a4407a5ab62e92087baacc0788fd739ef511d3a805bbca61261105ecb6051ded29
Behavioral task: behavioral1
Sample: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted: gozi_ifsb
3300
api10.laptok.at/api1
golang.feel500.at/api1
go.in100k.at/api1
build: 250171
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 730
Targets
Target: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
Size: 64KB
MD5: f1bcffc87555b6bb90a44d4707ba1fdd
SHA1: 251db636e551e8bb274fc1bb4c2494ab57df3853
SHA256: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
SHA512: d0bf61a32bfccf9e332bd1c63e885eeab4d3b4f1c93dddcddcd353c6563b22a4407a5ab62e92087baacc0788fd739ef511d3a805bbca61261105ecb6051ded29
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry