General
- Target: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412
- Size: 427KB
- Sample: 220712-e3ahzabaem
- MD5: 2eb14920c75d5e73264f77cfa273ad2c
- SHA1: 6c5360d41bd2b14b1565f5b18e5c203cf512e493
- SHA256: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412
- SHA512: d02e405f61e4c4d5797fad492f28621acdbdbfa2c8238a74538b264dba6c847435c900502889e7bbc6f9bcb5d68858d52bb7b8243c6117884540fbe7e35aff20
Static task: static1
Behavioral task: behavioral1
- Sample: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: gozi_ifsb
- build: 214745
Extracted: gozi_ifsb
- 1020
- base.convertspendingtocash.com/htue503dt
- base.makaniri.com/htue503dt
- base.parhao.com/htue503dt
- base.elliott-smith.net/htue503dt
- executenet.pw/htue503dt
- build: 214745
- exe_type: worker
- server_id: 60
Targets
- Target: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412
- Size: 427KB
- MD5: 2eb14920c75d5e73264f77cfa273ad2c
- SHA1: 6c5360d41bd2b14b1565f5b18e5c203cf512e493
- SHA256: 4cf9322c49adebf63311a599dc225bbcbf16a253eca59bbe1a02e4ae1d824412
- SHA512: d02e405f61e4c4d5797fad492f28621acdbdbfa2c8238a74538b264dba6c847435c900502889e7bbc6f9bcb5d68858d52bb7b8243c6117884540fbe7e35aff20
- Score: 10/10
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext