General
-
Target
20dee76fff8f3f55bcf4c4f24e4a891dbf6a9eca96f61d34392ff170eb380510
-
Size
449KB
-
Sample
220612-mfa5zsdbh5
-
MD5
b63bff90e6a55c4a404a8a48d076de45
-
SHA1
ffcecd29b2b85d02e83f63273ab6b7110516a242
-
SHA256
20dee76fff8f3f55bcf4c4f24e4a891dbf6a9eca96f61d34392ff170eb380510
-
SHA512
3ad8ec6f8af275fee086f9748ad7de6bb645759043da68d78fb544a14dd286fe55d84885cd99772eebee53c2dbe984c6d9759347136ad2d5839ee9f01a78f565
Static task
static1
Behavioral task
behavioral1
Sample
20dee76fff8f3f55bcf4c4f24e4a891dbf6a9eca96f61d34392ff170eb380510.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
20dee76fff8f3f55bcf4c4f24e4a891dbf6a9eca96f61d34392ff170eb380510.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
-
build
214963
Targets
Target
20dee76fff8f3f55bcf4c4f24e4a891dbf6a9eca96f61d34392ff170eb380510
Score
10/10
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-