General
Target: 62416ea45e088.rar
Size: 496KB
Sample: 220328-j516xshbc5
MD5: 56af6074a589ed0fd684f0fd097887d4
SHA1: 6f3669d58b2744e12a3aa94f9782f6965efbf344
SHA256: 1a16288bf4484b2a6692dcb7244942d7bea94ce3597c175910f91cc2b2613365
SHA512: afa70c982215e80596fbb2e4a5a39f765e61b2080946c178aebbe4d165ed9d8aa668715854fa0056d9bd3dda40e9eb0049839345b0d6c3f5400dcb924990b725

Static task: static1

Behavioral task: behavioral1
Sample: 62416ea45e088.dll
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: 62416ea45e088.dll
Resource: win10v2004-en-20220113

Malware Config

Extracted: gozi_ifsb
3000
config.edge.skype.com
46.30.43.44
185.154.52.213
185.154.53.38
base_path: /drew/
build: 250225
exe_type: loader
extension: .jlk
server_id: 50

Extracted: gozi_ifsb
3000
config.edge.skype.com
185.154.53.58
cabrioxmdes.at
hopexmder.net
185.154.53.49
193.56.146.189
base_path: /images/
exe_type: worker
extension: .jlk
server_id: 50

Targets

Target: 62416ea45e088.rar
Size: 496KB
MD5: 56af6074a589ed0fd684f0fd097887d4
SHA1: 6f3669d58b2744e12a3aa94f9782f6965efbf344
SHA256: 1a16288bf4484b2a6692dcb7244942d7bea94ce3597c175910f91cc2b2613365
SHA512: afa70c982215e80596fbb2e4a5a39f765e61b2080946c178aebbe4d165ed9d8aa668715854fa0056d9bd3dda40e9eb0049839345b0d6c3f5400dcb924990b725
Score: 10/10

- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext