General
-
Target
0e6184e40acf662c11929bad831a0f161a939607823412008285099b02ff873d
-
Size
277KB
-
Sample
220604-xs4ceacbe3
-
MD5
a9763873ac3fbf46a96171034942c81f
-
SHA1
61d42bf0377dd299af3af8e5fbec299a7e48a242
-
SHA256
0e6184e40acf662c11929bad831a0f161a939607823412008285099b02ff873d
-
SHA512
c85e8b446f3c6ed4948f56b731c360e72b5f85feab5aca4c4e1af527b5714304ed471184256b35c8a75925735cabe6f97537d32c48641310e002af373890ac6e
Static task
static1
Behavioral task
behavioral1
Sample
0e6184e40acf662c11929bad831a0f161a939607823412008285099b02ff873d.exe
Resource
win7-20220414-en
Malware Config
Extracted
gozi_ifsb
2000
foo.fulldin.at/webstore
bat.fulldin.at/webstore
-
build
217107
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
8.8.8.8
195.10.195.195
8.8.4.4
193.183.98.66
172.104.136.243
94.247.43.254
-
exe_type
loader
-
server_id
550
Targets
Unexpected DNS network traffic destination
Network traffic on the DNS port was detected to servers other than the configured DNS servers.
-