General
-
Target
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994
-
Size
64KB
-
Sample
220201-kx29pacde3
-
MD5
d7871e818a404134fcd16f5e976f8fd3
-
SHA1
3bba35f05b2077d6fe62950957b00e90ac85359a
-
SHA256
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994
-
SHA512
f380a3009123fa979e7847a5c3318454b8fc5de12a7d9a18671cf463b3933000f48332091ca89005018bad460e2200905985655a7622f7542c771858cbd2fadf
Behavioral task
behavioral1
Sample
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
gozi_ifsb
1100
api10.laptok.at/api1
golang.feel500.at/api1
go.in100k.at/api1
-
build
250171
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
730
Targets
-
-
Target
dea0b318ee9e32956ce033f216a072d6112b39dab20c5616d157ce524b38b994
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-