General

Target: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f
Size: 247KB
Sample: 220707-ldzvwschg4
MD5: 8ca975c4f8bb576f6b6b18b842509f27
SHA1: 1ba1152336570c93a3779718127ad24f5b72244d
SHA256: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f
SHA512: e3ec514873b30e9aa049936c8615c6cf6b37cd38e6bf86044454357a8563798ed5ddf7df722a0b7f14ea18d68603fda2c23707496f8f57bc19d00bcf0eb18823
Static task: static1

Behavioral task: behavioral1
Sample: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: gozi_ifsb
1000
musicvideotips.ru
musicvideoporntips.ru
exe_type: worker
Targets

Target: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f
Size: 247KB
MD5: 8ca975c4f8bb576f6b6b18b842509f27
SHA1: 1ba1152336570c93a3779718127ad24f5b72244d
SHA256: 463aa416fbdc52fec03c0d238997a4699d765b5023246816b8a8d8efd32a9f8f
SHA512: e3ec514873b30e9aa049936c8615c6cf6b37cd38e6bf86044454357a8563798ed5ddf7df722a0b7f14ea18d68603fda2c23707496f8f57bc19d00bcf0eb18823
Score: 10/10

- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext