General
-
Target
0809a74e769d69d7c061cdaf71013b335a0220bec1f135a02927e0e7af32df9d
-
Size
391KB
-
Sample
220530-3m5k6sfab6
-
MD5
423b32ae38b2580f4538057260c6ea97
-
SHA1
257d25308e21fc3049a231680b988554628a82a8
-
SHA256
0809a74e769d69d7c061cdaf71013b335a0220bec1f135a02927e0e7af32df9d
-
SHA512
2a1509fd1457863cfa68a19509ea6ee7fcda6ff0b3bd7155c24a67c99ab76cc66627f1451485e19b2c8a5c2c9624d0f9af3102bb522cef8a8bcaa0226527cf33
Static task
static1
Behavioral task
behavioral1
Sample
0809a74e769d69d7c061cdaf71013b335a0220bec1f135a02927e0e7af32df9d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0809a74e769d69d7c061cdaf71013b335a0220bec1f135a02927e0e7af32df9d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
1010
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
-
exe_type
worker
-
server_id
12
Targets
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-