General
- Target: 2cda58093f1ac8dab1702e27aa6662493263a8c80d99360bbf1d6ca60ffbb7fe
- Size: 417KB
- Sample: 220614-1amtgsdgbk
- MD5: 7331d75246a6b080b0554b7999a67ab2
- SHA1: cf9a0f3a8c5513dd86544a2dc96d9d6c4e5a0766
- SHA256: 2cda58093f1ac8dab1702e27aa6662493263a8c80d99360bbf1d6ca60ffbb7fe
- SHA512: 4b3e9b2b2b069ff58be7af417db78ba245f6eb323650e94d9e44b247a81676994f2a46acf2a426cd37628e91a40bcabcad7e995f7691c0c3af1db26226b4d093
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2cda58093f1ac8dab1702e27aa6662493263a8c80d99360bbf1d6ca60ffbb7fe.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 2cda58093f1ac8dab1702e27aa6662493263a8c80d99360bbf1d6ca60ffbb7fe.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- gozi_ifsb
- 1001
- 31.184.234.74
- exe_type: worker
- server_id: 12
Targets
- Target: 2cda58093f1ac8dab1702e27aa6662493263a8c80d99360bbf1d6ca60ffbb7fe
- Size: 417KB
- Score: 10/10

Signatures
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext