General
Target: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a
Size: 361KB
Sample: 220625-hcxglahfcl
MD5: 1e4e3ab0d662c3f8a47c67ed427a154f
SHA1: c96cf36141dd1a2a88bcaf3881f233a40854fb2b
SHA256: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a
SHA512: 879ac733fc2cfd57561ce65a92bab41d47484da3b7e7e2c430359bfa0301f1f3fcf253d181ed1bc7fbf20861b35cdc871acc9cf461909e69936fadaa58c4936e
Static task: static1
Behavioral task: behavioral1
Sample: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 1010
C2: diuolirt.at
C2: deopliazae.at
C2: nifredao.com
C2: filokiyurt.at
Attributes
exe_type: worker
server_id: 12
Targets
Target: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a
Size: 361KB
MD5: 1e4e3ab0d662c3f8a47c67ed427a154f
SHA1: c96cf36141dd1a2a88bcaf3881f233a40854fb2b
SHA256: 3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a
SHA512: 879ac733fc2cfd57561ce65a92bab41d47484da3b7e7e2c430359bfa0301f1f3fcf253d181ed1bc7fbf20861b35cdc871acc9cf461909e69936fadaa58c4936e
Score: 10/10
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample decides whether to run based on the configured region).
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application (autostart persistence through the Windows Run registry key)
- Suspicious use of SetThreadContext (redirecting a thread's execution context, a common step in process injection)
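The extracted configuration and the behavioural signatures above are the report's actionable output. The following added example (not part of the sandbox report or of any sensor) turns them into detection logic and runs it over a handful of constructed log lines. The "<source> key=value ..." log format, the field names, and the registry paths used for the Run key and the country-code lookup are assumptions made for the example; the C2 domains and the SHA256 are copied from the report as-is.

```python
"""Detection logic built from this report's Gozi/ISFB config and signatures.

Added example. The log format ("<source> key=value ...") is a constructed,
hypothetical format; the registry paths below are assumptions chosen to
match the report's "Adds Run key" and "Checks computer location settings"
signatures, not values taken from the report.
"""
import re

# C2 domains and sample hash exactly as extracted in the report.
C2_DOMAINS = {"diuolirt.at", "deopliazae.at", "nifredao.com", "filokiyurt.at"}
SAMPLE_SHA256 = "3a25ac74307f2358212c1cf753a9ae3ff548737ee6c6c0a789ca07464038bb5a"

# Assumed registry locations (lower-cased for substring matching).
RUN_KEY = r"software\microsoft\windows\currentversion\run"
GEO_KEY = r"control panel\international\geo"   # country code (GeoID) lives here

# Constructed log lines; not real telemetry.
LOG_LINES = [
    "dns query=www.example.com client=10.0.0.5",
    "dns query=nifredao.com client=10.0.0.7",
    "dns query=cdn.filokiyurt.at. client=10.0.0.9",      # subdomain + trailing dot
    "dns query=notfilokiyurt.at client=10.0.0.9",        # lookalike, must NOT match
    "proc image=C:\\Users\\u\\AppData\\Local\\Temp\\a.exe sha256=" + SAMPLE_SHA256.upper(),
    "proc image=C:\\Windows\\explorer.exe sha256=" + "00" * 32,
    "reg op=set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=Updater data=C:\\Users\\u\\AppData\\Roaming\\x.exe",
    "reg op=query key=HKCU\\Control Panel\\International\\Geo value=Nation",
]

# key=value pairs whose values may contain spaces (e.g. "Control Panel").
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_line(line):
    """Split a constructed log line into its source and a field dict."""
    source, _, rest = line.partition(" ")
    return source, {k: v for k, v in FIELD_RE.findall(rest)}


def is_c2_domain(qname):
    """Exact or subdomain match against the extracted C2 list.

    The dot boundary matters: 'notfilokiyurt.at' must not match
    'filokiyurt.at', while 'cdn.filokiyurt.at' must.
    """
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def scan(lines):
    """Return (rule_name, line) for every line that trips a rule."""
    hits = []
    for line in lines:
        source, f = parse_line(line)
        if source == "dns" and is_c2_domain(f.get("query", "")):
            hits.append(("gozi_c2_dns", line))
        elif source == "proc" and f.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(("gozi_sample_hash", line))
        elif source == "reg":
            key = f.get("key", "").lower()
            if f.get("op") == "set" and RUN_KEY in key:
                hits.append(("run_key_persistence", line))
            elif f.get("op") == "query" and GEO_KEY in key:
                # Low fidelity on its own: many legitimate programs read
                # the GeoID. Useful only correlated with the other hits.
                hits.append(("geo_registry_lookup", line))
    return hits


if __name__ == "__main__":
    for rule, line in scan(LOG_LINES):
        print(f"{rule:22} {line}")
```

The hash and C2-domain rules are high confidence and can page on their own; the Run-key write is worth alerting on when the written path points into a user-writable directory, and the GeoID read should only raise the score of a host that already matched something else.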