General
Target: 4dd36263992917f2d88bc8afd9ba55fa0bd52cef38414a4071eaa713fc765061
Size: 42KB
Sample: 220201-mggddscghm
MD5: 18e1a808cec738eefbe0c9a546be601e
SHA1: e2f2861833c4e8e243fb771f3c1cd2dda62e4db2
SHA256: 4dd36263992917f2d88bc8afd9ba55fa0bd52cef38414a4071eaa713fc765061
SHA512: f894c92d50dc4fa61127c23409854940e5639dcaeb5bba117d724f1a1e8f441376e7bb12adc828f38db5e7acf2c13195c803b30d214e7bcc367b0f9c9ebdea7b
Behavioral task: behavioral1
Sample: 4dd36263992917f2d88bc8afd9ba55fa0bd52cef38414a4071eaa713fc765061.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 4dd36263992917f2d88bc8afd9ba55fa0bd52cef38414a4071eaa713fc765061.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted: gozi_ifsb
8899
msn.com/login
vloderuniok.website
gloderuniok.website
base_path: /jkloio/
build: 260212
dga_season: 10
exe_type: loader
extension: .lko
server_id: 12
Targets
Target: 4dd36263992917f2d88bc8afd9ba55fa0bd52cef38414a4071eaa713fc765061
Score: 10/10
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
Sets service image path in registry