General
Target: 98b082b4d65dfe4ee5b227575d1c08ef.png
Size: 215KB
Sample: 220322-lnvc6aehb5
MD5: 98b082b4d65dfe4ee5b227575d1c08ef
SHA1: 21d9d7f91bdab90a3900832404be3bab06e82c03
SHA256: e7767ba8bcff3242dd32f880cb59894c3ce5615a2557504db976803cd246354e
SHA512: e7e46e85699716dec1aedce1dbc7e995f5507b1de137c77110225e162ac2ffcfeedd50f2e5292302043f445ef0eaf7fc551edcf43a195d815c2c1f15469dc8c1

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 98b082b4d65dfe4ee5b227575d1c08ef.exe
Resource: win7-20220310-en

Malware Config

Extracted: gozi_ifsb
- 3000
- config.edge.skype.com
- 194.76.226.200
- giporedtrip.at
- habpfans.at
- 31.214.157.187
- base_path: /drew/
- build: 250225
- exe_type: loader
- extension: .jlk
- server_id: 50

Extracted: gozi_ifsb
- 3000
- config.edge.skype.com
- 194.76.226.200
- giporedtrip.at
- habpfans.at
- 31.214.157.187
- base_path: /images/
- exe_type: worker
- extension: .jlk
- server_id: 50

Targets
Target: 98b082b4d65dfe4ee5b227575d1c08ef.png
Size: 215KB
MD5: 98b082b4d65dfe4ee5b227575d1c08ef
SHA1: 21d9d7f91bdab90a3900832404be3bab06e82c03
SHA256: e7767ba8bcff3242dd32f880cb59894c3ce5615a2557504db976803cd246354e
SHA512: e7e46e85699716dec1aedce1dbc7e995f5507b1de137c77110225e162ac2ffcfeedd50f2e5292302043f445ef0eaf7fc551edcf43a195d815c2c1f15469dc8c1

Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext