General
Target: 1fff952471f5670932a1445340514a6e07869b5320fd17b3c635c00fabe1e402
Size: 388KB
Sample: 220612-rahebsebhj
MD5: 3bfea3a7fa0dd19639673f4c32110fa8
SHA1: 2a4ec7c4dac2618059c30071ac6b07d41a3bbc2b
SHA256: 1fff952471f5670932a1445340514a6e07869b5320fd17b3c635c00fabe1e402
SHA512: 05c991717a320dbdb8268957111748599a848ee6d3ce3d2b02a99dd361d1d891c26cf1f881b0aa781b6ea3167ebe06e7fc1e3bc471be960ff6a13b15ecb74d81
Static task: static1
Behavioral task: behavioral1
Sample: 1fff952471f5670932a1445340514a6e07869b5320fd17b3c635c00fabe1e402.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1fff952471f5670932a1445340514a6e07869b5320fd17b3c635c00fabe1e402.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
1010
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
exe_type: worker
server_id: 12
Targets
Target: 1fff952471f5670932a1445340514a6e07869b5320fd17b3c635c00fabe1e402
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext