General
-
Target
5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
-
Size
134KB
-
Sample
220719-dsdxzahdfl
-
MD5
8a1495c8f27d36165e01cfa54468f34b
-
SHA1
ef62f4c1cb28610e75664b53ddccfcd0e80a6b9d
-
SHA256
5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
-
SHA512
44b7ea57d88c4ae27029b2564a5250fcfe157bb6a702ead1a654b57e21b957919217dffa16efe4ee9e56c66f5ef0a04821fe7791c5df6a4312e22b4623f10206
Static task
static1
Behavioral task
behavioral1
Sample
5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a.exe
Resource
win7-20220718-en
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 2000
C2:
api2.doter.at/webstore
beetfeetlife.bit/webstore
in.extermas.at/webstore
ax.zaravid.at/webstore
g2.ex100p.at/webstore
gif.doter.at/webstore
extra.avareg.cn/webstore
foo.avaregio.at/webstore
op.iovbased.at/webstore
ws.doter.at/webstore
f1.cnboal.at/webstore
xxx.doolap.at/webstore
-
build
217061
-
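dga_base_url (base URL the config names for domain generation; constitution.org is a legitimate public site, so a request to this URL is only a weak indicator on its own and should be correlated with the other artefacts listed here)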
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
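dns_servers (resolvers hard-coded in the config; 8.8.8.8 is Google Public DNS and is unsuitable as a block or alert indicator by itself. The C2 list includes a .bit name, which standard resolvers generally do not serve, so direct DNS traffic from an endpoint to the other addresses is the more useful signal)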
51.255.48.78
8.8.8.8
192.71.245.208
51.15.98.97
178.17.170.179
193.183.98.66
207.148.83.241
111.67.20.8
103.236.162.119
142.4.205.47
213.136.85.253
159.89.249.249
82.196.9.45
-
exe_type
loader
-
server_id
550
Targets
-
-
Target
5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
-
Size
134KB
-
MD5
8a1495c8f27d36165e01cfa54468f34b
-
SHA1
ef62f4c1cb28610e75664b53ddccfcd0e80a6b9d
-
SHA256
5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
-
SHA512
44b7ea57d88c4ae27029b2564a5250fcfe157bb6a702ead1a654b57e21b957919217dffa16efe4ee9e56c66f5ef0a04821fe7791c5df6a4312e22b4623f10206
-