General
Target: 0db1f05c21f621b8ff4ec4b958d62000.exe
Size: 647KB
Sample: 220623-ggv9naefc3
MD5: 0db1f05c21f621b8ff4ec4b958d62000
SHA1: 9e03ea20ab36ebd07e887d5d5a8467d266908b31
SHA256: cfc28c18307134fd44181c705df55653e24114fe5c58788c18f50613ae08da01
SHA512: dd7107d9f4e313f85083e7f9710e38022873c22642f8a1a04f35f08285852aef2b2c271168f8af0fd8c62c179e3af7ab7a3d1b51a3441bd072544a0ff3ef07ac

Static task: static1
Behavioral task: behavioral1
Sample: 0db1f05c21f621b8ff4ec4b958d62000.exe
Resource: win7-20220414-en

Malware Config
Extracted: gozi_ifsb
20000
apghn.msn.com
188.126.76.221
base_path: /budweiser/
build: 250235
exe_type: loader
extension: .bbu
server_id: 50

Extracted: gozi_ifsb
20000
apggn.msn.com
188.126.76.221
aphgn.msn.com
176.97.65.105
base_path: /budweiser/
build: 250235
exe_type: worker
extension: .bbu
server_id: 50
Targets
Target: 0db1f05c21f621b8ff4ec4b958d62000.exe
suricata: ET MALWARE Ursnif Payload Request (cook32.rar)
suricata: ET MALWARE Ursnif Payload Request (cook64.rar)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Data Exfil
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext