General
-
Target
noarch.pdf.zip
-
Size
54KB
-
Sample
220215-nj9y6afffj
-
MD5
65e36136b8d55aa0c06301142040db5e
-
SHA1
a940739823fb6f65773ab9a5ea19d727122b8928
-
SHA256
aef43e285b2ce7f8cc0e4f219779b14f461bf78c422f1d7d69bce17a50b9017c
-
SHA512
2bb4b2d4a6c653bfafb52ca13bc44f3bbbe2cf069a6182c5820f60b5755db1f0cbe526ca9620770a7f87ebf8b3b658e2fd70b3a8c970c44a5687f6662b84db9a
Static task
static1
Behavioral task
behavioral1
Sample
noarch.exe
Resource
win7-en-20211208
Malware Config
Extracted
gozi_ifsb
2022
-
base_path
/drew/
-
build
250224
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
Target
noarch.pdf
-
Size
116KB
-
MD5
8e539148cc1cec69e938ca025d7e973e
-
SHA1
6602b9ef993d16c33c2ca69e15e0212130ce59dd
-
SHA256
076209217dd62413bbe4fb40f9be740a0a732f54418e378547972dcb3681922a
-
SHA512
c960eb056c9850d1878f7cacd624938e9b4a12e6ef057ba5a1033c92a5bf00b2e7b69ae8d3f02e6d5900a5a9c2bdd202d437cef250ef0a57a00234d3c64866df
-
Suspicious use of SetThreadContext