General
-
Target
5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca
-
Size
382KB
-
Sample
220801-wb2xksfec7
-
MD5
8ede3ace8c115bd3a4fd26bd23c35422
-
SHA1
a4662431d9c9df3df2eff18bdc5a447ece712e35
-
SHA256
5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca
-
SHA512
9b432eb1e20218ada551c20679acaa73547f28bd4f893f84229701b6e2a3fd381fdd9d52d410d392ab27a7a5710f649c56da0eca9120e653c8f90f9c70c00984
Static task
static1
Behavioral task
behavioral1
Sample
5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca.exe
Resource
win7-20220718-en
Malware Config
Extracted
gozi_ifsb
1010
-
exe_type
worker
-
server_id
35
Targets
-
-
Target
5b71b3b94c28409d7c4ef7cb39bfe83f4d32163dfcc1b528d18dd95e3c181fca
-
Suspicious use of SetThreadContext
-