General
- Target: 3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
- Size: 388KB
- Sample: 220625-eg7lksdbhk
- MD5: 44e4017f47dce2d2925124bb2116166c
- SHA1: f5efde405de07ca60afe67ee6f5e53538195fd23
- SHA256: 3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
- SHA512: be68a64aee0a1d5241012d5cde84432274d08217628ab65e131e842e29c33b382ff5c3b4d390cf4a493b4304ae6ba06f1547e02eb22099b27a85135553cf2a75
Static task: static1
Behavioral task: behavioral1
- Sample: 3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- gozi_ifsb
- 1010
- diuolirt.at
- deopliazae.at
- nifredao.com
- filokiyurt.at
- exe_type: worker
- server_id: 12
Targets
- Target: 3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext