General
Target: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45
Size: 1.1MB
Sample: 220802-b7d56sfdal
MD5: 5743a543faa8ce02ee4def907c831ddb
SHA1: dc385fcecfa2db881008b4a644ca3ef381d4132d
SHA256: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45
SHA512: 22173e62fba73fa503127e43e29aea5922e64f19a76533265690dd57b3f036d168ffbeeb18be0067a1ddf33fd205ea528e9704e0f1b6356c8f50a75ddb448b5a
Static task: static1
Behavioral task: behavioral1
  Sample: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45.dll
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45.dll
  Resource: win10v2004-20220721-en
Malware Config
Extracted
gozi_ifsb
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://buismashallah.at
build: 217027
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
Target: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45
Size: 1.1MB
MD5: 5743a543faa8ce02ee4def907c831ddb
SHA1: dc385fcecfa2db881008b4a644ca3ef381d4132d
SHA256: 5ae7937d8333afb2bb950c8f1089e2066954a3127945f52af2e2da58b7273a45
SHA512: 22173e62fba73fa503127e43e29aea5922e64f19a76533265690dd57b3f036d168ffbeeb18be0067a1ddf33fd205ea528e9704e0f1b6356c8f50a75ddb448b5a
Score: 10/10
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Suspicious use of SetThreadContext