General

Target: d41d05cc157f874f89c574c74c0e2c58
Size: 739KB
Sample: 220322-s48daacfck
MD5: d41d05cc157f874f89c574c74c0e2c58
SHA1: 1e0df409d72db144f570b9d8410b544c8670e64d
SHA256: 0d4702dec67009d0728ce6da88bd91bf5e70a526cf0688cc7c7586937cf06cb2
SHA512: fa36e9217d4af43d14870e0fdc380e3ce25674ca0ff55faba604e3b025be06e9c01fadb2807a6809962defc353ca21ea85218115e3624961d6989484115f20ba
Static task: static1
Behavioral task: behavioral1
Sample: d41d05cc157f874f89c574c74c0e2c58.exe
Resource: win7-20220311-en
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 777999
C2:
  config.edge.skype.com
  146.70.35.138
  146.70.35.142
Attributes:
  base_path: /phpadmin/
  build: 250225
  exe_type: loader
  extension: .src
  server_id: 50

Extracted
Family: gozi_ifsb
Botnet: 777999
C2:
  config.edge.skype.com
  67.43.234.14
  67.43.234.37
  67.43.234.47
Attributes:
  base_path: /images/
  build: 250225
  exe_type: worker
  extension: .src
  server_id: 50

Note: config.edge.skype.com is a legitimate Microsoft domain that this family carries in its server list alongside the real C2 addresses. Pivot and block on the IP addresses, the base paths and the .src extension, not on that hostname.
Targets

Target: d41d05cc157f874f89c574c74c0e2c58
Size: 739KB
MD5: d41d05cc157f874f89c574c74c0e2c58
SHA1: 1e0df409d72db144f570b9d8410b544c8670e64d
SHA256: 0d4702dec67009d0728ce6da88bd91bf5e70a526cf0688cc7c7586937cf06cb2
SHA512: fa36e9217d4af43d14870e0fdc380e3ce25674ca0ff55faba604e3b025be06e9c01fadb2807a6809962defc353ca21ea85218115e3624961d6989484115f20ba
suricata: ET MALWARE Ursnif Payload Request (cook32.rar)
suricata: ET MALWARE Ursnif Payload Request (cook64.rar)
suricata: ET MALWARE Ursnif Variant CnC Beacon
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
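The ET beacon signatures above key on the shape of the ISFB/Ursnif beacon URI: a base64 blob in which '/', '+' and '=' are rewritten as the tokens _2F, _2B and _3D, broken up with extra path separators, and framed by the base_path and extension fields of the extracted configs (/phpadmin/ and /images/, both with .src). The Python below is an added example for this report, not Triage output and not the malware's own code: it rebuilds that framing for a constructed sample, flags matching request-log lines and strips the encoding back to the encrypted blob. The beacon key is not in this report, so nothing is decrypted; the separator spacing (SEGMENT_LEN), the log line format and SAMPLE_BLOB are assumptions made for the demonstration.

```python
"""Flag and unpack ISFB/Gozi-style beacon URIs framed by the base_path and
extension fields of the two configs extracted in this report.

Added example; not Triage output and not the malware's code. The beacon body is
encrypted with a key that is not in the report, so only the still-encrypted
blob is recovered. SEGMENT_LEN, the log format and SAMPLE_BLOB are constructed."""
import base64
import re

# base_path / extension / exe_type exactly as extracted on this page
CONFIGS = [
    {"base_path": "/phpadmin/", "extension": ".src", "exe_type": "loader"},
    {"base_path": "/images/", "extension": ".src", "exe_type": "worker"},
]

# The base64 beacon has '/', '+' and '=' rewritten as these tokens ("_2F" is
# what the ET "URI Struct M2 (_2F)" signature keys on) and is then broken up
# with extra '/' path separators.
TOKEN_MAP = {"_2F": "/", "_2B": "+", "_3D": "="}
SEGMENT_LEN = 7      # assumed separator spacing for the constructed sample
MIN_BODY_LEN = 24    # heuristic: short names such as /images/logo.src are not beacons
BODY_RE = re.compile(r"^[A-Za-z0-9_/]+$")


def encode_uri(blob, config, segment_len=SEGMENT_LEN):
    """Build a beacon-style URI from an (already encrypted) blob."""
    b64 = base64.b64encode(blob).decode("ascii")
    for token, char in TOKEN_MAP.items():
        b64 = b64.replace(char, token)
    segments = [b64[i:i + segment_len] for i in range(0, len(b64), segment_len)]
    return config["base_path"] + "/".join(segments) + config["extension"]


def match_config(uri, configs=CONFIGS):
    """Return the config whose base_path and extension frame this URI, else None."""
    for cfg in configs:
        if uri.startswith(cfg["base_path"]) and uri.endswith(cfg["extension"]):
            return cfg
    return None


def _body(uri, cfg):
    return uri[len(cfg["base_path"]):-len(cfg["extension"])]


def recover_blob(uri, config):
    """Undo the URI encoding; returns the raw, still encrypted, bytes."""
    body = _body(uri, config).replace("/", "")   # drop the inserted separators
    for token, char in TOKEN_MAP.items():        # restore the base64 alphabet
        body = body.replace(token, char)
    return base64.b64decode(body, validate=True)  # binascii.Error is a ValueError


def is_isfb_uri(uri, configs=CONFIGS):
    """Heuristic: framed by a known base_path/extension, and the body (separators
    removed, tokens restored) is long, valid base64."""
    cfg = match_config(uri, configs)
    if cfg is None:
        return False
    body = _body(uri, cfg)
    if not BODY_RE.match(body) or len(body.replace("/", "")) < MIN_BODY_LEN:
        return False
    try:
        recover_blob(uri, cfg)
    except ValueError:
        return False
    return True


def scan_log(lines, configs=CONFIGS):
    """Return (server, uri, exe_type) for every request line that looks like a
    beacon. Constructed line format: '<server ip> GET <uri>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        server, uri = parts[0], parts[2]
        if is_isfb_uri(uri, configs):
            hits.append((server, uri, match_config(uri, configs)["exe_type"]))
    return hits


# Constructed sample: one benign request plus one beacon-shaped request to a
# server from each config. The blob stands in for real ciphertext.
SAMPLE_BLOB = b"placeholder ciphertext, not a real ISFB beacon"
SAMPLE_LOG = [
    "67.43.234.14 GET /images/logo.png",
    "146.70.35.138 GET " + encode_uri(SAMPLE_BLOB, CONFIGS[0]),
    "67.43.234.37 GET " + encode_uri(SAMPLE_BLOB, CONFIGS[1]),
]

if __name__ == "__main__":
    for server, uri, kind in scan_log(SAMPLE_LOG):
        print(f"{server} {kind} beacon {uri}")
        print("  blob:", recover_blob(uri, match_config(uri)))
```

The separators are stripped before the tokens are restored, so a token split across two path segments (for example `_2/F`) still decodes; that ordering matters if you adapt this to proxy logs. For real traffic the recovered blob is only the ciphertext, and the base64-validity check is a heuristic, so keep the base_path and extension values from the extracted configs as the primary match condition.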
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext
(SetThreadContext on a thread created suspended is the thread-hijack step of process hollowing and similar injection techniques: the entry point is redirected to injected code before the thread is resumed.)