General

Target: 9e8b8ce88417468f4e33a710f3a86e471eb1017b296ad23f60e8b0dbccbe1e84
Size: 41KB
Sample: 220201-llj5eaccbl
MD5: 84b948969c42b4c90afc366f92036815
SHA1: 650a5c26882bf234ec723bac05403f0d49f2f8e0
SHA256: 9e8b8ce88417468f4e33a710f3a86e471eb1017b296ad23f60e8b0dbccbe1e84
SHA512: eb25221a99f52bc867dfe1f69477167ff7a7937427d898e1bcf577fe8ce0a13873b6e74d34f082e6ba84da64b6f0681d14378541dbe50a0de3c89cd892665ed3
Behavioral tasks

behavioral1
  Sample: 9e8b8ce88417468f4e33a710f3a86e471eb1017b296ad23f60e8b0dbccbe1e84.exe
  Resource: win7-en-20211208

behavioral2
  Sample: 9e8b8ce88417468f4e33a710f3a86e471eb1017b296ad23f60e8b0dbccbe1e84.exe
  Resource: win10v2004-en-20220113
Malware Config

Extracted

Family: gozi_ifsb
6000 (unlabelled numeric field in the report; assumed to be the botnet/group ID)
C2 URLs:
  http://microsoft.com/updates
  http://microsoft.com/pure
  https://lovemoneylave.com
  https://crazyfronfinancial.com
  http://lovemoneylave.com
  http://crazyfronfinancial.com
base_path: /glik/
build: 260216
dga_season: 10
exe_type: loader
extension: .lwe
server_id: 12

Note for triage: the two microsoft.com URLs are a legitimate domain and are not usable as block or hunt indicators; the actionable network indicators are the two remaining domains (each listed in both http and https form), the base_path /glik/ and the .lwe filename extension that the loader uses for its requests.
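The extracted config above is only useful once it is turned into something a detection pipeline can match on. The following Python is an added example, not part of the Triage report or of any tooling the report describes: it parses the flattened "Extracted" block into a dictionary, derives the actionable C2 hostnames (deduplicated across http/https and with the decoy domain dropped), and then scores a handful of constructed proxy log lines against the C2 hosts, the base_path and the extension. The config text is a copy of the values listed on this page; the DECOY_DOMAINS set, the meaning of the 6000 field as a botnet ID, the log format and the log lines themselves are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Copy of the "Malware Config / Extracted" block from the report above.
CONFIG_TEXT = """\
gozi_ifsb
6000
http://microsoft.com/updates
http://microsoft.com/pure
https://lovemoneylave.com
https://crazyfronfinancial.com
http://lovemoneylave.com
http://crazyfronfinancial.com
base_path
/glik/
build
260216
dga_season
10
exe_type
loader
extension
.lwe
server_id
12
"""

# Assumption: domains that appear in the config only as decoys or connectivity
# checks and must never be blocked or hunted on.
DECOY_DOMAINS = {"microsoft.com"}


def parse_config(text):
    """Turn the flattened key/value dump into a dict.

    Layout assumed (it matches the report): family name, then a numeric id
    (assumed to be the botnet/group id), then one URL per line, then
    alternating key/value lines. Separator lines ("-") are ignored.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    cfg = {"family": lines[0], "botnet": lines[1], "c2": []}
    i = 2
    while i < len(lines) and re.match(r"^https?://", lines[i]):
        cfg["c2"].append(lines[i])
        i += 1
    while i + 1 < len(lines):
        cfg[lines[i]] = lines[i + 1]
        i += 2
    return cfg


def c2_domains(cfg):
    """Actionable C2 hostnames: deduplicated across schemes, decoys removed."""
    hosts = {urlparse(u).hostname.lower() for u in cfg["c2"]}
    return sorted(h for h in hosts if h not in DECOY_DOMAINS)


def match_proxy_log(cfg, log_lines):
    """Return (line, reasons) for every log line that touches the config's
    indicators: a C2 host, a path under base_path, or the request extension.
    Matching base_path and extension independently of the host is deliberate:
    ISFB loaders keep the URI structure when C2 domains rotate."""
    hosts = set(c2_domains(cfg))
    base_path = cfg.get("base_path", "")
    ext = cfg.get("extension", "")
    hits = []
    for line in log_lines:
        m = re.search(r"(https?://\S+)", line)
        if not m:
            continue
        u = urlparse(m.group(1))
        host = (u.hostname or "").lower()
        reasons = []
        if host in hosts:
            reasons.append("c2-host")
        if base_path and u.path.startswith(base_path):
            reasons.append("base-path")
        if ext and u.path.endswith(ext):
            reasons.append("extension")
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed proxy log lines (not from the report): one decoy fetch, one
# real loader beacon, one benign request, one beacon to an unknown host that
# still uses the configured base_path.
SAMPLE_LOG = [
    "2022-02-01T10:00:01Z 10.0.0.5 GET http://microsoft.com/updates 200",
    "2022-02-01T10:00:02Z 10.0.0.5 GET https://lovemoneylave.com/glik/AbCd123.lwe 200",
    "2022-02-01T10:00:03Z 10.0.0.5 GET https://cdn.example.net/static/app.js 200",
    "2022-02-01T10:00:04Z 10.0.0.5 GET http://198.51.100.7/glik/x 404",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("C2 hosts:", c2_domains(cfg))
    for line, reasons in match_proxy_log(cfg, SAMPLE_LOG):
        print(",".join(reasons), "<-", line)
```

The decoy fetch of microsoft.com produces no hit, the beacon to lovemoneylave.com hits on all three indicators, and the request to the unknown IP is still flagged on base_path alone, which is the case the URI-structure Suricata rule in the Targets section is built to catch.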
Targets

Target: 9e8b8ce88417468f4e33a710f3a86e471eb1017b296ad23f60e8b0dbccbe1e84 (hashes and size as listed under General)

Score: 10/10

Signatures:
  suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
  Sets service image path in registry