General
-
Target
d542f42c7e9bae39dbc62fcf0b923c5799e62fabb83db84d8a77b21f166ebfcd
-
Size
278KB
-
Sample
220724-vv97maccc7
-
MD5
da8b3b22c13e74d16d50164ccaabb836
-
SHA1
17c97b21bc79d15708661e77eff83c5b9f002b03
-
SHA256
d542f42c7e9bae39dbc62fcf0b923c5799e62fabb83db84d8a77b21f166ebfcd
-
SHA512
8fa5d8f4965fd6f929da3a5cc742c84a14581b9c2a22f3fa6c0c461a36d279b7617c22888e5199045beab3b5887a70ac8935f4f8ba4196e5fa204c517a1bbe04
Static task
static1
Behavioral task
behavioral1
Sample
d542f42c7e9bae39dbc62fcf0b923c5799e62fabb83db84d8a77b21f166ebfcd.exe
Resource
win7-20220718-en
Malware Config
Extracted
gozi_ifsb
2000
has.votaritar.at/webstore
-
build
217094
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
8.8.8.8
195.10.195.195
8.8.4.4
95.216.174.175
193.30.123.44
94.247.43.254
-
exe_type
loader
-
server_id
550
Targets
-
-
Target
d542f42c7e9bae39dbc62fcf0b923c5799e62fabb83db84d8a77b21f166ebfcd
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-