General
- Target: 3c181213b4ce99bf4329a9bf6c880199ef971531f164c0f2e570ab3b0e7d5304
- Size: 1.1MB
- Sample: 220703-kjrk2acccr
- MD5: b91e58d4b7dbf84c497a25dceca80366
- SHA1: d13c7920c28a9dc2677b238f1ad5b2d6526a16c5
- SHA256: 3c181213b4ce99bf4329a9bf6c880199ef971531f164c0f2e570ab3b0e7d5304
- SHA512: dce948f35a4e065f48fe30a58185ba32b1d00029f55306cab9a0fbc5f5f0c0a2a677c035f6e31bd499e1f905d88b1fcb40dbdb70745b1832ae9e5f0f36a89473
Static task: static1
Behavioral task: behavioral1
- Sample: 3c181213b4ce99bf4329a9bf6c880199ef971531f164c0f2e570ab3b0e7d5304.dll
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 3c181213b4ce99bf4329a9bf6c880199ef971531f164c0f2e570ab3b0e7d5304.dll
- Resource: win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://buismashallah.at
- build: 217027
- dga_base_url: constitution.org/usdeclar.txt
- dga_crc: 0x4eb7d2ca
- dga_season: 10
- dga_tlds: com, ru, org
- exe_type: worker
- server_id: 12
Targets
Score: 10/10
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Suspicious use of SetThreadContext