General
- Target: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e
- Size: 361KB
- Sample: 220703-jc5nmscfa4
- MD5: 71f184786153407c588600179f11a920
- SHA1: 8c8e733df5df5f73f176993b7e5d2e1f4aed1f8c
- SHA256: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e
- SHA512: 569bfeb1fa7f970b94b64e277436d7b6ca98c57bd02f480847dba244d3329d0e17a284d6c27935a4ae9460b45ca3b8e64a6357988a5203ab69c9ecbd07c83d4b
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 1010
- C2:
  - diuolirt.at
  - deopliazae.at
  - nifredao.com
  - filokiyurt.at
- exe_type: worker
- server_id: 12
Targets
- Target: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e
- Size: 361KB
- MD5: 71f184786153407c588600179f11a920
- SHA1: 8c8e733df5df5f73f176993b7e5d2e1f4aed1f8c
- SHA256: 3c6affe9595ac8498af6360aeb3f9281e755c28c1b3297eb770855f08ec88a1e
- SHA512: 569bfeb1fa7f970b94b64e277436d7b6ca98c57bd02f480847dba244d3329d0e17a284d6c27935a4ae9460b45ca3b8e64a6357988a5203ab69c9ecbd07c83d4b
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext