General
-
Target
5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447
-
Size
222KB
-
Sample
220215-pykhgsgccn
-
MD5
a170bdf372a5df4ba8b9b50fc81b9b81
-
SHA1
14f162af3858983efa3e4e58d88727d09274d680
-
SHA256
5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447
-
SHA512
c0817c33a30f31b8a22f32cd2eafa17b1fa00da2b2047a87f57f568484de3e9e734bfd8078f6fb0ac7b86ccc2df7eed45fd4706b57877a18c6178e42b62d6031
Behavioral task
behavioral1
Sample
5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447.dll
Resource
win10v2004-en-20220112
Malware Config
Extracted
gozi_ifsb
9090
-
base_path
/images/
-
dga_season
10
-
dns_servers
107.174.86.134
107.175.127.22
-
exe_type
worker
-
extension
.avi
-
server_id
12
Targets
-
-
Target
5c65f662c38032bdb43e3822fd346240d6caadc9a16e047806fafb253475c447
-
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-