General
Target: 250224.exe
Size: 36KB
Sample: 220304-j8er4aeag4
MD5: 8a303945bd046ffb8e2e8c45af7c4429
SHA1: d815f5d692d655ff2e5e5d1edf7e39cad1833d8b
SHA256: 029940bbdcf98c98a682c7e0af998b58aced8e0530fffc4caf97f466544f66ab
SHA512: 27b0b87ef17d9a3386ff41349dc55984e38b4e45b14472d1b49cdeb30b71947f5edef4c4a86d28e7d68739865b58e21c2d8e5aaefe4dd1b7fdd84676d527edfd

Behavioral task
behavioral1
Sample: 250224.exe
Resource: win7-20220223-en

Malware Config

Extracted
gozi_ifsb
20000
skype.com/signin
143.198.56.58
base_path: /peer/
build: 250225
exe_type: loader
extension: .prv
server_id: 50

Extracted
gozi_ifsb
20000
skype.com/login
143.198.56.58
base_path: /images/
build: 250225
exe_type: worker
extension: .prv
server_id: 50

Targets
Target: 250224.exe

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext