General
-
Target
62418993a4f7f.dll
-
Size
528KB
-
Sample
220328-l8g9bshdh8
-
MD5
bb9dc919d8be2b646f5e7625b92876fc
-
SHA1
e2b555b256a9f827f68dc6e71942a09d0d7e69ff
-
SHA256
da266d429a932be228984ed5b0a0b030e5c33493bd6ef6a90bce9502eec38473
-
SHA512
82f08e0c882dbe6be2bc745f5da4e148637ef5bf8851cdc5360fa0c7d82ff0ab372c565af9e36f32a20bd4533a704be30634da059075b4a014c58090604b176e
Static task
static1
Behavioral task
behavioral1
Sample
62418993a4f7f.dll
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
62418993a4f7f.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
46.30.43.44
185.154.52.213
185.154.53.38
-
base_path
/drew/
-
build
250225
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Extracted
gozi_ifsb
3000
config.edge.skype.com
185.154.53.58
cabrioxmdes.at
hopexmder.net
185.154.53.49
193.56.146.189
-
base_path
/images/
-
exe_type
worker
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
62418993a4f7f.dll
-
Size
528KB
-
MD5
bb9dc919d8be2b646f5e7625b92876fc
-
SHA1
e2b555b256a9f827f68dc6e71942a09d0d7e69ff
-
SHA256
da266d429a932be228984ed5b0a0b030e5c33493bd6ef6a90bce9502eec38473
-
SHA512
82f08e0c882dbe6be2bc745f5da4e148637ef5bf8851cdc5360fa0c7d82ff0ab372c565af9e36f32a20bd4533a704be30634da059075b4a014c58090604b176e
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-