General
-
Target
ecc8442d71e5f124b3f368e351a6d5bb094a2f64ecb7618dc233c3fbaae31cb3
-
Size
213KB
-
Sample
220701-hex6xahhc4
-
MD5
dff480cd23f848f857536e74007a4d15
-
SHA1
e5812cb089df331d5904173b8fb632de04d0994c
-
SHA256
ecc8442d71e5f124b3f368e351a6d5bb094a2f64ecb7618dc233c3fbaae31cb3
-
SHA512
5fd4221823d82f207cb92998170fe82889a7a1616ecd3a6feb29dac6a297512cfb8678accbd92f68648191bf9042c57964fddebbfd51c79e136ca7998c6ef1d2
Static task
static1
Behavioral task
behavioral1
Sample
ecc8442d71e5f124b3f368e351a6d5bb094a2f64ecb7618dc233c3fbaae31cb3.exe
Resource
win7-20220414-en
Malware Config
Extracted
gozi_ifsb
2000
foo.fulldin.at/webstore
bat.fulldin.at/webstore
-
build
217107
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
193.183.98.66
89.40.116.230
94.247.43.254
195.10.195.195
8.8.8.8
-
exe_type
loader
-
server_id
550
Targets
-
Target
ecc8442d71e5f124b3f368e351a6d5bb094a2f64ecb7618dc233c3fbaae31cb3
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-