General
-
Target
b2f31da11f71b09e608ed26ea753f9902c34bfe3aab10564c32b0e18807b0d80
-
Size
236KB
-
Sample
220524-bm536aegfk
-
MD5
cd3e8f625447c987565b58e755ad6a0c
-
SHA1
07046245417656c09f2510eaa707771dcf08409e
-
SHA256
b2f31da11f71b09e608ed26ea753f9902c34bfe3aab10564c32b0e18807b0d80
-
SHA512
9b998533a773a63616be38820fab72ffd2d693d08b69bb60b99e0eca09afe75abb78e975ac081ffca47bb389fde0d0ba9016cdc2cbe39a086966c169afe29df6
Static task
static1
Behavioral task
behavioral1
Sample
b2f31da11f71b09e608ed26ea753f9902c34bfe3aab10564c32b0e18807b0d80.exe
Resource
win7-20220414-en
Malware Config
Extracted
gozi_ifsb
2000
foo.fulldin.at/webstore
bat.fulldin.at/webstore
-
build
217107
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
193.183.98.66
89.40.116.230
94.247.43.254
195.10.195.195
8.8.8.8
-
exe_type
loader
-
server_id
550
Targets
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-