General
-
Target
ssee.exe
-
Size
2.5MB
-
Sample
220304-j283csffdn
-
MD5
b545e2b0fdf47667624c08999c0b873e
-
SHA1
da6f23f5a9fbd123025d6a2b9cd39c2355b7345c
-
SHA256
edb86e9c3d29b3d13c82562dc1aeb1cd7e2c33e2bfcbae30791bf1d1aaf4345f
-
SHA512
908dc1ec45f023e649b9de0cc7cf32f2a02a404012cf78c393dce2b8064350a3ab1b8e541a920a6fdb94a17d05547ad77a1eda6a4e1c204472cf71749e71bda2
Static task
static1
Behavioral task
behavioral1
Sample
ssee.exe
Resource
win7-en-20211208
Malware Config
Extracted
gozi_ifsb
20000
skype.com/signin
143.198.56.58
-
base_path
/peer/
-
build
250225
-
exe_type
loader
-
extension
.prv
-
server_id
50
Extracted
gozi_ifsb
20000
skype.com/login
143.198.56.58
-
base_path
/images/
-
build
250225
-
exe_type
worker
-
extension
.prv
-
server_id
50
Targets
-
suricata: ET MALWARE Ursnif Variant CnC Beacon
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-