General
Target: 3a9ee4bc7f3ea02691545e64d9630d68
Size: 432KB
Sample: 220707-lfww1sbabm
MD5: 3a9ee4bc7f3ea02691545e64d9630d68
SHA1: 9596b9362933b763c935a37273927d8779293805
SHA256: 20351bf93e117a01a601e5fcd6b83250e42e001a81cc9bf660e3079516a30f08
SHA512: d4643896737d3d5bd87b5a909d4a08cf5907badc9aa3fcdb77dd05f035a550ca169b92eac8f300a747f04339c4b0aebd3463da567f0348341f0cc27e949389a7
Static task: static1
Behavioral task: behavioral1
Sample: 3a9ee4bc7f3ea02691545e64d9630d68.dll
Resource: win7-20220414-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
79.110.52.164
79.110.52.97
base_path: /drew/
build: 250239
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: 3a9ee4bc7f3ea02691545e64d9630d68
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
Blocklisted process makes network request