General
- Target: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9
- Size: 424KB
- Sample: 220802-bk29gscgg3
- MD5: 4d3969a62ce0f6d3d5b417c670f866ea
- SHA1: 1dc8ebae020c1c859eb1f75a1cf500d4caac4c5e
- SHA256: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9
- SHA512: f1c6c616a2483c3b20c1eada734bc02a067cbcce5f032431f227d70b06851b0f2e024526bbe39624510bfa164bc8d8dd1eac0c45009902cc207f1a09a1688614
Static task: static1
Behavioral task: behavioral1
- Sample: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: gozi_ifsb
- 1092
- awd.byfaithchurch.org
- build: 215797
- dga_base_url: constitution.org/usdeclar.txt
- dga_crc: 0x4eb7d2ca
- exe_type: worker
- server_id: 12
Targets
- Target: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9
- Size: 424KB
- MD5: 4d3969a62ce0f6d3d5b417c670f866ea
- SHA1: 1dc8ebae020c1c859eb1f75a1cf500d4caac4c5e
- SHA256: 5b1141dfb2a6554a478d47d9e6fadd663b2a67f86d0d4aaa476f4d7cc6f0ebf9
- SHA512: f1c6c616a2483c3b20c1eada734bc02a067cbcce5f032431f227d70b06851b0f2e024526bbe39624510bfa164bc8d8dd1eac0c45009902cc207f1a09a1688614
- Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext