General
Target: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d
Size: 388KB
Sample: 220731-yerl5aded3
MD5: 5031ce596f9f1898fe11cfa7e8858795
SHA1: ed60c8e01112ae2ae731a34703e241138bd6575d
SHA256: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d
SHA512: 1bb76a86527720dd7cae237d0f7a8c70583cc9a2fc02dea287f5d60557657343d05487ef7ffe156efda1f09721f7b8a5a00b52cee88f283e2506bec6d9b9284f

Static task: static1

Behavioral task: behavioral1
  Sample: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d.exe
  Resource: win7-20220715-en

Behavioral task: behavioral2
  Sample: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d.exe
  Resource: win10v2004-20220722-en

Malware Config
Extracted: gozi_ifsb
  1010
  diuolirt.at
  deopliazae.at
  nifredao.com
  filokiyurt.at
  exe_type: worker
  server_id: 12

Targets
Target: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d
Size: 388KB
MD5: 5031ce596f9f1898fe11cfa7e8858795
SHA1: ed60c8e01112ae2ae731a34703e241138bd6575d
SHA256: 5ea26dac1374c00472c64c6e2b68688eb7c090bc831026c6386db28555e6b05d
SHA512: 1bb76a86527720dd7cae237d0f7a8c70583cc9a2fc02dea287f5d60557657343d05487ef7ffe156efda1f09721f7b8a5a00b52cee88f283e2506bec6d9b9284f
Score: 10/10

Signatures:
  Executes dropped EXE
  Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  Deletes itself
  Loads dropped DLL
  Adds Run key to start application
  Suspicious use of SetThreadContext