General
-
Target
5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4
-
Size
658KB
-
Sample
220701-eh3n1sbahj
-
MD5
5cecd52c5f7a3a95392c2065e22a65ab
-
SHA1
295c122ecaa4239532320f0deff4aa94ed92e207
-
SHA256
5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4
-
SHA512
a064a5bbd139b8115b37463904126aeab354facfe99c46bb1aed0f8dffabd91a03fe190772b9253f57f5061a75506018c12dfa0bcabee5e957151287bc2385a0
Static task
static1
Behavioral task
behavioral1
Sample
5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4.exe
Resource
win7-20220414-en
Malware Config
Extracted
gozi_ifsb
1011
http://h33a7jzovxp2dxfg.onion
http://check.vivianmaierphotos.com
http://mysweetdream.site
http://marcoplfind.at
http://maildeliveryyboys1.at
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4
-
Size
658KB
-
MD5
5cecd52c5f7a3a95392c2065e22a65ab
-
SHA1
295c122ecaa4239532320f0deff4aa94ed92e207
-
SHA256
5f01a4866431a17095c1b4b0eb6b6cd4ad221d4ff12bb2466280347abe3b13c4
-
SHA512
a064a5bbd139b8115b37463904126aeab354facfe99c46bb1aed0f8dffabd91a03fe190772b9253f57f5061a75506018c12dfa0bcabee5e957151287bc2385a0
Score10/10-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-