General
-
Target
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1
-
Size
488KB
-
Sample
220612-pcmqqaback
-
MD5
6653dc0c530660190ef929f046241233
-
SHA1
d1b7a0df02afa111752e5b8008e6a7a2fd32abc5
-
SHA256
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1
-
SHA512
d87c1f9fead07efd921a2bab41bec9f255bbbdfc36d10fc875e394aa374193b55eca3c80513af4085c525433be3f172e9c9aecdd188ed75e16594e7647d5c92a
Static task
static1
Behavioral task
behavioral1
Sample
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
-
build
214963
Targets
-
-
Target
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1
-
Size
488KB
-
MD5
6653dc0c530660190ef929f046241233
-
SHA1
d1b7a0df02afa111752e5b8008e6a7a2fd32abc5
-
SHA256
208ed3ea9472bbe3eb1ee998d6e8880efaa22a548f4dc175b58ac65f74efdba1
-
SHA512
d87c1f9fead07efd921a2bab41bec9f255bbbdfc36d10fc875e394aa374193b55eca3c80513af4085c525433be3f172e9c9aecdd188ed75e16594e7647d5c92a
Score10/10-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-