General
Target: SecuriteInfo.com.Suspicious.Win32.Save.a.31250.26774
Size: 208KB
Sample: 220302-2ljrmsgdg3
MD5: 83c0ef52beab49e8094e11b315220f78
SHA1: 9996f592ddc8aa205113f2d611ef3e3aca1ba13b
SHA256: ca46cdaacb0f193d203f135cd546310e06125405c9c44648f10f1dbcdb343ca0
SHA512: 9310ad1a4069e4c8e5700b04f6170fcb8129b4ec16711539546693310a4576305bb6bc5e95626ed029311123e7b99f63e9a60acd5564b5ee3eb52cd8b4b5b9cb
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Suspicious.Win32.Save.a.31250.exe
  Resource: win7-20220223-en
Malware Config
Extracted: gozi_ifsb
  20000
  skype.com/signin
  143.198.56.58
  base_path: /peer/
  build: 250225
  exe_type: loader
  extension: .prv
  server_id: 50
Extracted: gozi_ifsb
  20000
  skype.com/login
  143.198.56.58
  base_path: /images/
  build: 250225
  exe_type: worker
  extension: .prv
  server_id: 50
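The two extracted gozi_ifsb configs above are the part of this report a responder actually consumes. The following is an added example (editor's code, not output of the sandbox or code from the sample) that normalises those two configs into indicators and runs them over a few constructed proxy-log lines. The values in CONFIGS are copied from the page; the log lines are constructed; the field names `dst` and `url`, the hit labels, and the assumption that a beacon path looks like base_path + something + extension are the editor's, not documented facts about this sample. Note that skype.com is a legitimate Microsoft domain, so the example matches the full host+path pair and the IP rather than the bare domain.

```python
"""Turn the gozi_ifsb configs from this report into IOCs and match log lines.

Added example by the editor; CONFIGS mirrors the page, SAMPLE_LOG is constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Values copied from the two "Extracted: gozi_ifsb" blocks on the page.
CONFIGS = [
    {"c2": ["skype.com/signin", "143.198.56.58"], "base_path": "/peer/",
     "build": 250225, "exe_type": "loader", "extension": ".prv", "server_id": 50},
    {"c2": ["skype.com/login", "143.198.56.58"], "base_path": "/images/",
     "build": 250225, "exe_type": "worker", "extension": ".prv", "server_id": 50},
]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def build_iocs(configs):
    """Split each config's c2 list into IPs and host/path pairs, and keep
    (base_path, extension) pairs as a weaker, path-shape indicator."""
    iocs = {"ips": set(), "urls": set(), "paths": set()}
    for cfg in configs:
        for entry in cfg["c2"]:
            if _is_ip(entry):
                iocs["ips"].add(entry)
            else:
                iocs["urls"].add(entry.lower())  # "host/path", no scheme
        iocs["paths"].add((cfg["base_path"], cfg["extension"]))
    return iocs


def parse_log_line(line):
    """Parse a constructed key=value proxy-log line into a dict (editor's format)."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def classify_line(line, iocs):
    """Return the list of indicator types a log line matches, in a fixed order."""
    fields = parse_log_line(line)
    hits = []
    if fields.get("dst") in iocs["ips"]:
        hits.append("c2_ip")                      # strong: the config's C2 IP
    url = fields.get("url")
    if url:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = parts.path or "/"
        if f"{host}{path}" in iocs["urls"]:
            hits.append("c2_url")                 # strong: exact host+path from config
        # Assumption (editor's): a beacon path starts with base_path and ends
        # with extension. This is a weak indicator and will fire on benign paths.
        for base, ext in iocs["paths"]:
            if path.startswith(base) and path.endswith(ext):
                hits.append("beacon_path")
                break
    return hits


# Constructed sample lines; 203.0.113.7 and 198.51.100.20 are documentation addresses.
SAMPLE_LOG = [
    "ts=2022-03-02T21:10:05Z src=10.0.0.5 dst=143.198.56.58 url=http://skype.com/signin",
    "ts=2022-03-02T21:10:09Z src=10.0.0.6 dst=203.0.113.7 url=https://skype.com/",
    "ts=2022-03-02T21:11:40Z src=10.0.0.5 dst=143.198.56.58 url=http://skype.com/images/a1b2.prv",
    "ts=2022-03-02T21:12:02Z src=10.0.0.9 dst=198.51.100.20 url=http://example.com/peer/x.prv",
]


def scan(lines, configs=CONFIGS):
    """Return (line, hits) for every line that matches at least one indicator."""
    iocs = build_iocs(configs)
    results = []
    for line in lines:
        hits = classify_line(line, iocs)
        if hits:
            results.append((line, hits))
    return results


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG):
        print(hits, line)
```

The second sample line (plain skype.com, unrelated destination) produces no hit, which is the point of matching host+path and IP rather than the domain alone; the fourth line shows why the path-shape indicator should be scored low or combined with the IP before it drives blocking.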
Targets
Target: SecuriteInfo.com.Suspicious.Win32.Save.a.31250.26774 (208KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence. If the sandbox locale falls in the excluded set, the run ends before any further behaviour is shown.
  Suspicious use of SetThreadContext: an API commonly associated with injecting a payload into a suspended process.