General
Target: a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
Size: 42KB
Sample: 220201-lhwc9scbfq
MD5: cdf3bdc294b699f25b8d6ff8c1a2171e
SHA1: bd28cb6aa90934cbaf6fd52c68271c4f4fffbb60
SHA256: a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
SHA512: 2056e26fa5a4cb6325f6d06ac4ad00289ad7d97610621369fea194a7ba204489120b319a8dac04f1c7674a75758d8076e4b42308aa9c5c5153e4a200d72a86ee
Behavioral task: behavioral1
Sample: a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted: gozi_ifsb
8899
microsoft.com/windowsdisabler
https://technoshoper.com
https://avolebukoneh.website
http://technoshoper.com
http://avolebukoneh.website
base_path: /glik/
build: 260216
dga_season: 10
exe_type: loader
extension: .lwe
server_id: 12
Targets
Score: 10/10
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Sets service image path in registry