General
Target: 62ea3f935563b.dll
Size: 300KB
Sample: 220803-lf232aafem
MD5: 614e312af0e5de7c6b9819e3a1c766d4
SHA1: 01e384618d8eadb244184e66e6450752ea0ceade
SHA256: 982ff4dcc3dc076b3c40f5cd5993d05f7578dd83b631146105b3840864c76203
SHA512: 362b32fbc61baf1c757f72d61e582e2741553eda4de022311757a0732a23edabafbcd6affdab97c49d5e1378587b16f1d6730fd9446c801d791056896414d302
Static task: static1
Behavioral task: behavioral1
Sample: 62ea3f935563b.dll
Resource: win7-20220715-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
37.120.206.71
37.120.206.84
193.106.191.163
base_path: /drew/
build: 250240
exe_type: loader
extension: .jlk
server_id: 50
Extracted
gozi_ifsb
3000
37.120.206.91
37.120.206.95
havefuntxmm.at
5.42.199.57
xerkdeoleone.at
base_path: /images/
build: 250240
exe_type: worker
extension: .jlk
server_id: 50
Targets
Target: 62ea3f935563b.dll
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext