General
-
Target
7d5f04aea5411b157bc3e7f36d6e19a9a5f4d8ca50fc1159bad0037337dece70
-
Size
120KB
-
Sample
220325-vgavlsfbgm
-
MD5
555dfca943f26613846a13b40d9f6866
-
SHA1
7957870c1cd14580c542a19ed61cc9626b40b0b4
-
SHA256
9b2d71d688360545fe08715fdafa49900877724421d041e830262e351939eb89
-
SHA512
734c7b102578175c0230fe6eed6f43a70969aa07099fbd0236aee0d74e3f015f8007c400948d73cdc1b8196e039be8de113e8e6c2b141e5993dd648415aae23b
Static task
static1
Behavioral task
behavioral1
Sample
7d5f04aea5411b157bc3e7f36d6e19a9a5f4d8ca50fc1159bad0037337dece70.exe
Resource
win7-20220311-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
194.76.226.200
giporedtrip.at
habpfans.at
31.214.157.187
-
base_path
/drew/
-
build
250225
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-