General
Target: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3
Size: 369KB
Sample: 220703-vp6x1sbgg5
MD5: 506e018cc6924a36703773cfe8310746
SHA1: 3ade716c25d6c7417316687dfd16af63b85eb3b5
SHA256: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3
SHA512: 62032047608c35cf94e561b8501330723165300dc86262023eb312dab6f1b49c81c26e25e7c121591b79f9a1be40df158a7e788108c7b339270d9e60681d4baa
Static task: static1
Behavioral task: behavioral1
  Sample: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
gozi_ifsb
1000
dipsitripsikey70.com/adwordsdata/dropbox/xxx
underbulletkey77.com/adwordsdata/dropbox/xxx
statisticaregger32.com/adwordsdata/dropbox/xxx
exe_type: worker
Targets
Target: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3
Size: 369KB
MD5: 506e018cc6924a36703773cfe8310746
SHA1: 3ade716c25d6c7417316687dfd16af63b85eb3b5
SHA256: 3b3c2bbd44645af71db243bdb80635e8ab9e5c6c830d1362ad0fbb439c22c4f3
SHA512: 62032047608c35cf94e561b8501330723165300dc86262023eb312dab6f1b49c81c26e25e7c121591b79f9a1be40df158a7e788108c7b339270d9e60681d4baa
Score: 10/10
Modifies Installed Components in the registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of SetThreadContext