General

Target: 273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f
Size: 351KB
Sample: 220616-f76yeagbb7
MD5: 28b4415fbd22fa233b2b788bd316c40b
SHA1: 6f37174d8ec69155f292299504704d8fd07bf27b
SHA256: 273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f
SHA512: dc0195291847dcedb599e0c472bea9dc3ee7b126827511942dc2b27c307a9f08b41fe33c8a923ef3ce7e2097f9288a45cf6196c42cd045f053b0465bef2da2b6
Static task: static1

Behavioral task: behavioral1
Sample: 273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 1010
C2:
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
Attributes:
exe_type: worker
server_id: 12
Targets

Target: 273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f
Score: 10/10

Signatures:
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
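Added example, not code from the sandbox vendor or from the report: a small Python detector that turns the behaviours listed above (sample execution, execution of a dropped EXE, Run key persistence, the registry country-code lookup, DNS lookups of the extracted C2 domains, and self-deletion) into rules run over constructed Sysmon-style key=value log lines. The C2 domains and the SHA256 are the report's own; everything else is an assumption: the log lines are constructed, the registry path for the country-code check (Control Panel\International\Geo\Nation) is a guess since the report does not name the key, and the list of "dropped-to" directories is illustrative. "Loads dropped DLL" and "Suspicious use of SetThreadContext" are not modelled because they need image-load and thread-context telemetry that plain process/registry/DNS logs lack.

```python
"""Toy behaviour detector for the Gozi/ISFB report above.

Added example, not the sandbox's own signature code. Log lines are
constructed key=value records in a Sysmon-like shape; real Sysmon or EDR
field names will differ and the parser would need adjusting.
"""
import re

# IOCs copied from the report (extracted config and hash listing).
C2_DOMAINS = {"diuolirt.at", "deopliazae.at", "nifredao.com", "filokiyurt.at"}
SAMPLE_SHA256 = "273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f"

# ASSUMPTIONS (not stated in the report): the registry path behind the
# "checks computer location settings" signature, how a Run key write shows
# up in a registry event, and which directories count as "dropped to".
GEO_KEY_SUFFIX = "\\control panel\\international\\geo\\nation"
RUN_KEY_MARKER = "\\currentversion\\run\\"
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")

# Constructed log, NOT captured from the sandbox run. pid 2000 is benign noise
# that must not be attributed to the sample.
SAMPLE_LOG = r'''
event=ProcessCreate pid=1200 parent=900 image="C:\Users\u\Desktop\273e3375.exe" sha256=273e3375059410c1509cb182c93c79777ee3a78e883d61f29e927eefbd6a935f cmdline="C:\Users\u\Desktop\273e3375.exe"
event=ProcessCreate pid=1300 parent=1200 image="C:\Users\u\AppData\Local\Temp\svchost.exe" sha256=0000000000000000000000000000000000000000000000000000000000000000 cmdline="C:\Users\u\AppData\Local\Temp\svchost.exe"
event=RegistryValueSet pid=1300 target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost" value="C:\Users\u\AppData\Local\Temp\svchost.exe"
event=RegistryQuery pid=1300 target="HKCU\Control Panel\International\Geo\Nation"
event=DnsQuery pid=1300 query=diuolirt.at
event=DnsQuery pid=1300 query=cdn.nifredao.com
event=ProcessCreate pid=1400 parent=1200 image="C:\Windows\System32\cmd.exe" sha256=1111111111111111111111111111111111111111111111111111111111111111 cmdline="cmd.exe /c del C:\Users\u\Desktop\273e3375.exe"
event=DnsQuery pid=2000 query=example.com
event=RegistryValueSet pid=2000 target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive" value="C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
'''

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value record into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_c2_domain(name):
    """True for an exact C2 domain or any subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def detect(log_text):
    """Return (rule, pid, detail) findings, attributing only the sample's process tree."""
    findings = []
    tree = set()           # pids descended from the sample
    sample_images = set()  # lower-cased paths the sample ran from (for self-delete)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        kind, pid = ev.get("event"), ev.get("pid")
        if kind == "ProcessCreate":
            image = ev.get("image", "")
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                tree.add(pid)
                sample_images.add(image.lower())
                findings.append(("sample_executed", pid, image))
            elif ev.get("parent") in tree:
                tree.add(pid)
                if any(d in image.lower() for d in USER_WRITABLE):
                    findings.append(("executes_dropped_exe", pid, image))
                cmd = ev.get("cmdline", "").lower()
                if " del " in cmd and any(s in cmd for s in sample_images):
                    findings.append(("deletes_itself", pid, ev["cmdline"]))
        elif pid not in tree:
            continue  # registry/DNS activity of unrelated processes is ignored
        elif kind == "RegistryValueSet" and RUN_KEY_MARKER in ev.get("target", "").lower():
            findings.append(("adds_run_key", pid, ev["target"]))
        elif kind == "RegistryQuery" and ev.get("target", "").lower().endswith(GEO_KEY_SUFFIX):
            findings.append(("checks_location_settings", pid, ev["target"]))
        elif kind == "DnsQuery" and is_c2_domain(ev.get("query", "")):
            findings.append(("c2_dns_lookup", pid, ev["query"]))
    return findings


def rules_hit(log_text):
    """Distinct rule names that fired, in first-seen order."""
    seen = []
    for rule, _, _ in detect(log_text):
        if rule not in seen:
            seen.append(rule)
    return seen


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_LOG):
        print(f"{rule:26} pid={pid:5} {detail}")
```

The design choice worth copying is the process-tree gate: registry and DNS events are only scored when the pid descends from the process that matched the sample hash, so the benign Run key write and DNS lookup from pid 2000 in the constructed log are not attributed to the sample. The C2 match is suffix-based so that subdomains of the listed domains are caught while look-alike names such as notnifredao.com are not.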