General
Target: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3
Size: 361KB
Sample: 220615-fd8vxahfe5
MD5: 89fcd562f34d2b8aac582c852c85b2ae
SHA1: bf816e7b9be16330f8fd74585ba81821d5b76626
SHA256: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3
SHA512: 83b10cbecbb7ffd96b1000e36818ae3cefdfa76cc67e68e43bdc0ad661665f816940e5c6d470c641c48255fb9de7d0905392cc2e5aaeaa7eb18fb6ee995cdb14
Static task: static1
Behavioral task: behavioral1
Sample: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: gozi_ifsb
1010
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
exe_type: worker
server_id: 12
Targets
Target: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3
Size: 361KB
MD5: 89fcd562f34d2b8aac582c852c85b2ae
SHA1: bf816e7b9be16330f8fd74585ba81821d5b76626
SHA256: 2aaf46b89e19e0d67865ed96a16114882b57ff48541b3cf4b611949bd5f241c3
SHA512: 83b10cbecbb7ffd96b1000e36818ae3cefdfa76cc67e68e43bdc0ad661665f816940e5c6d470c641c48255fb9de7d0905392cc2e5aaeaa7eb18fb6ee995cdb14
Score: 10/10
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext