General
Target: tmp
Size: 225KB
Sample: 220623-mtb97sfdf7
MD5: 4d0774579b6e4be41c687982347b5a41
SHA1: 4359e5993bbce3794d0fc1a51a147d2b6b67d7bb
SHA256: 7ae2c953f8142f668650d11f0bc7f042e249ee8456b2255f71a51a84ca94c756
SHA512: ee4177f6624cb932f5e5c5cad0c27eabdb9ed7250e8133d177561c79c82bcba43d3d781db2af85d06fb7899f23158e94abb3b143f62ac971234ef617cd784a28
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en
Malware Config
Extracted: gozi_ifsb
1500
apghn.msn.com
188.126.76.221
base_path: /budweiser/
build: 250235
exe_type: loader
extension: .bbu
server_id: 50
Targets
Target: tmp
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Suspicious use of SetThreadContext