General
Target: 39eea40fdc333ea98b9c03a4b2dc435fc1b03068746d8b996524a30acd8601cc
Size: 370KB
Sample: 220625-h6kd5aahfq
MD5: 6bafe8c77eff3053b5aa90804fe98070
SHA1: 86ea85a8593df980171d01716f81d9a032f55c09
SHA256: 39eea40fdc333ea98b9c03a4b2dc435fc1b03068746d8b996524a30acd8601cc
SHA512: e682e56c9e8d77ce293bad91dea309b5c02b723602f8b2793c5fff8703f521af52d3e1b14185631532937d64eede360901b3a2a1b07e46c3aac4699176f9d045
Static task: static1
Behavioral task: behavioral1
Sample: 39eea40fdc333ea98b9c03a4b2dc435fc1b03068746d8b996524a30acd8601cc.exe
Resource: win7-20220414-en
Malware Config
Extracted: gozi_ifsb
build: 217061
Extracted: gozi_ifsb
2000
intro.tir001.at/rpc
doa.quappak.at/rpc
api.siperskon.at/rpc
io.tir001.at/rpc
ytruieowphf.bit/rpc
u2.ceelop.at/rpc
enter.nokartoon.at/rpc
api.nwq2000.at/rpc
cd.iqwoker.at/rpc
api.fin150.at/rpc
chat.loop1000.at/rpc
chat.iqwoker.at/rpc
mahono.cn/rpc
build: 217061
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
dns_servers: 192.71.245.208, 8.8.8.8, 178.17.170.179, 82.196.9.45, 151.80.222.79, 68.183.70.217, 217.144.135.7, 158.69.160.164, 207.148.83.241, 5.189.170.196, 217.144.132.148, 94.247.43.254, 188.165.200.156, 159.89.249.249, 150.249.149.222
exe_type: loader
server_id: 150
Targets
Target: 39eea40fdc333ea98b9c03a4b2dc435fc1b03068746d8b996524a30acd8601cc
Size: 370KB
MD5: 6bafe8c77eff3053b5aa90804fe98070
SHA1: 86ea85a8593df980171d01716f81d9a032f55c09
SHA256: 39eea40fdc333ea98b9c03a4b2dc435fc1b03068746d8b996524a30acd8601cc
SHA512: e682e56c9e8d77ce293bad91dea309b5c02b723602f8b2793c5fff8703f521af52d3e1b14185631532937d64eede360901b3a2a1b07e46c3aac4699176f9d045
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.