General
-
Target
0061ee159c0bf78d95e3d7f57c7ef59a.exe
-
Size
208KB
-
Sample
220303-kh6nkabgcl
-
MD5
0061ee159c0bf78d95e3d7f57c7ef59a
-
SHA1
42eabe50510470a42e5fa225bc2008fcfe41d1e0
-
SHA256
0ecc98fef3cc72ccc01a959163a42f8976d8b5b13536588d8875722b62b22561
-
SHA512
b5f09359a5b3ab5045cee66f1a3a72da918e0daf8edb86b1447201f6d6f7b86573293514baf0010b2d1e70ea908aace3f565c31e70d2fdd996d9240f77fa3d63
Static task
static1
Behavioral task
behavioral1
Sample
0061ee159c0bf78d95e3d7f57c7ef59a.exe
Resource
win7-20220223-en
Malware Config
Extracted
gozi_ifsb
20000
skype.com/signin
143.198.56.58
-
base_path
/peer/
-
build
250225
-
exe_type
loader
-
extension
.prv
-
server_id
50
Extracted
gozi_ifsb
20000
skype.com/login
143.198.56.58
-
base_path
/images/
-
build
250225
-
exe_type
worker
-
extension
.prv
-
server_id
50
Targets
-
suricata: ET MALWARE Ursnif Variant CnC Beacon
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon 3
-
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-