General
-
Target
9e5008090eaf25c0fe58e220e7a1276e5501279da4bb782f92c90f465f4838cc
-
Size
293KB
-
Sample
220204-xbggbaeaal
-
MD5
24513d582f685ab9fb8183b9f34812ac
-
SHA1
b29ee2eb5b6ef34bbd3de96edc57a30424478d3e
-
SHA256
9e5008090eaf25c0fe58e220e7a1276e5501279da4bb782f92c90f465f4838cc
-
SHA512
46cf04d30900842ba7d883f583be688586c04a46e161eeab1308570aa41bde09cde9eac7be7f19e147898c7639f8af11378d3463f7593a2f898232bf91872cc8
Static task
static1
Behavioral task
behavioral1
Sample
9e5008090eaf25c0fe58e220e7a1276e5501279da4bb782f92c90f465f4838cc.exe
Resource
win7-en-20211208
Malware Config
Extracted
gozi_ifsb
-
build
214098
Extracted
gozi_ifsb
3504
google.com
gmail.com
javisoacso.com
x64jeffery5359.com
d68davontezb.top
-
build
214098
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Targets
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
Sets service image path in registry
-