General
Target: b4966efca7172b4236468b47735f1de8a44b094eb9ac6101cb4ca84cf128400e
Size: 41KB
Sample: 220201-leeakscbbq
MD5: 1bbb719ff6dfa35fc4fc297ef873228b
SHA1: a5f856ae20dd7d84484b4b62c9e1898f833f0f28
SHA256: b4966efca7172b4236468b47735f1de8a44b094eb9ac6101cb4ca84cf128400e
SHA512: 58a5ed179dc9cc2926a45fe093ea9c0af1ef3bb3778ebfb1506063fd0aec0df10099f3aa06c7abff0da49b91d3df94d7f0f81dc6ef01f4385c096e8cc72cfbc9
Behavioral task: behavioral1
Sample: b4966efca7172b4236468b47735f1de8a44b094eb9ac6101cb4ca84cf128400e.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: b4966efca7172b4236468b47735f1de8a44b094eb9ac6101cb4ca84cf128400e.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted: gozi_ifsb
- 8899
- microsoft.com/windowsdisabler
- windows.update3.com
- grmalo.site
base_path: /kraus/
build: 260222
dga_season: 10
exe_type: loader
extension: .jpe
server_id: 12
Targets
Target: b4966efca7172b4236468b47735f1de8a44b094eb9ac6101cb4ca84cf128400e (41KB; hashes as listed under General)
Score: 10/10
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
- Sets service image path in registry