General
Target: l0V19y95
Size: 717B
Sample: 220525-tdgy3sffar
MD5: 54e9306f95f32e50ccd58af19753d929
SHA1: eab9457321f34d4dcf7d4a0ac83edc9131bf7c57
SHA256: 45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72
SHA512: 8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f
Static task: static1
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 3000
C2: config.edge.skype.com, 176.10.119.68, 176.10.119.81
base_path: /drew/
build: 250229
exe_type: loader
extension: .jlk
server_id: 50
Extracted
Family: gozi_ifsb
Botnet: 3000
C2: config.edge.skype.com, cabrioxmdes.at, gamexperts.net, 37.10.71.138, 185.158.250.51
base_path: /images/
exe_type: worker
extension: .jlk
server_id: 50
Targets
Target: l0V19y95
Size: 717B
MD5: 54e9306f95f32e50ccd58af19753d929
SHA1: eab9457321f34d4dcf7d4a0ac83edc9131bf7c57
SHA256: 45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72
SHA512: 8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f
suricata: ET MALWARE Ursnif Variant CnC Beacon
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination: traffic on the DNS port to servers other than the configured DNS servers was detected.
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
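The extracted configs and the Suricata/DNS signatures above translate directly into a network detection. The following is an added example written for this page, not code from the sandbox or from any tooling the report describes: it turns the two gozi_ifsb configs (C2 hosts, base_path values, the .jlk extension) into indicators and runs them over a constructed proxy/DNS log. Assumptions: the log format and the resolver address 10.0.0.2 are invented for the example; config.edge.skype.com is treated as a decoy rather than a C2 because it is a legitimate Microsoft host that ISFB configurations routinely carry next to the real servers, so it is reported but never placed on the blocklist; the "_2F" token check mirrors what the "URI Struct M2 (_2F)" signature keys on and is only context unless a host or path indicator also fires.

```python
"""Match proxy/DNS log lines against the gozi_ifsb indicators extracted above."""
from dataclasses import dataclass, field

# C2 hosts copied from the two extracted configs (loader and worker).
C2_HOSTS = {
    "176.10.119.68", "176.10.119.81",              # loader config
    "cabrioxmdes.at", "gamexperts.net",
    "37.10.71.138", "185.158.250.51",              # worker config
}
# Listed first in both configs but a legitimate Microsoft host; ISFB configs
# routinely carry such an entry, so it is reported separately, not blocked.
DECOY_HOSTS = {"config.edge.skype.com"}
BASE_PATHS = ("/drew/", "/images/")   # loader and worker base_path values
EXTENSION = ".jlk"                    # extension value shared by both configs
# Resolver the monitored host is supposed to use (assumed value, not from the report).
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Constructed sample log, not from the report. Fields:
#   <ts> tcp <src> <dst>:<port> <http_host> <uri_path>
#   <ts> udp <src> <dst>:<port> dns <query_name>
SAMPLE_LOG = """\
2022-05-25T10:01:02Z tcp 10.0.0.5 176.10.119.68:80 176.10.119.68 /drew/Xk_2FabC_2Bz/q.jlk
2022-05-25T10:01:03Z tcp 10.0.0.5 13.107.4.50:443 config.edge.skype.com /config/v1/Skype
2022-05-25T10:01:04Z tcp 10.0.0.5 93.184.216.34:80 example.com /images/logo.png
2022-05-25T10:01:05Z tcp 10.0.0.5 185.158.250.51:80 gamexperts.net /images/Hn_2Fp/s.jlk
2022-05-25T10:01:06Z udp 10.0.0.5 10.0.0.2:53 dns cabrioxmdes.at
2022-05-25T10:01:07Z udp 10.0.0.5 8.8.8.8:53 dns gamexperts.net
"""


@dataclass
class Finding:
    ts: str
    subject: str             # HTTP host or DNS query name
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Decoy contact or a lone "_2F" in a path is context, not an alert on its own.
        strong = {"c2-host", "c2-uri-path", "dns-to-unconfigured-resolver"}
        return "alert" if strong & set(self.reasons) else "info"


def http_reasons(host: str, path: str) -> list:
    reasons = []
    if host in C2_HOSTS:
        reasons.append("c2-host")
    elif host in DECOY_HOSTS:
        reasons.append("decoy-host")
    # Request shape from the config: <base_path>...<extension>
    if path.startswith(BASE_PATHS) and path.endswith(EXTENSION):
        reasons.append("c2-uri-path")
    # The "URI Struct M2 (_2F)" signature keys on this token in the path.
    if "_2F" in path:
        reasons.append("uri-struct-_2F")
    return reasons


def dns_reasons(dst_ip: str, qname: str) -> list:
    reasons = []
    # The "Unexpected DNS network traffic destination" signature, as a log check.
    if dst_ip not in CONFIGURED_RESOLVERS:
        reasons.append("dns-to-unconfigured-resolver")
    if qname in C2_HOSTS:
        reasons.append("c2-host")
    return reasons


def scan(log: str) -> list:
    """Return one Finding per log line that matches at least one indicator."""
    findings = []
    for line in log.splitlines():
        ts, proto, _src, dst, host, path = line.split()
        dst_ip, _, port = dst.rpartition(":")
        if proto == "tcp":
            reasons = http_reasons(host, path)
        elif proto == "udp" and port == "53":
            reasons = dns_reasons(dst_ip, path)
            host = path                      # report the query name as the subject
        else:
            reasons = []
        if reasons:
            findings.append(Finding(ts, host, reasons))
    return findings


def blocklist() -> list:
    """Hosts safe to block outright: the C2 set without the decoy entry."""
    return sorted(C2_HOSTS - DECOY_HOSTS)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.ts, f.severity, f.subject, ",".join(f.reasons))
```

Running it flags the two .jlk requests to config hosts, the lookup of cabrioxmdes.at, and the query sent past the configured resolver as alerts, while the Skype contact is recorded as info only; a request to example.com under /images/ does not fire because the extension check does not match. Keep the decoy separation when feeding the blocklist to a proxy or DNS sinkhole, or legitimate Skype/Teams traffic will break.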