General
Target: 8fcfb8f38d8607c57f08f9b39139065f
Size: 300KB
Sample: 220803-m1nltabdel
MD5: 8fcfb8f38d8607c57f08f9b39139065f
SHA1: 805bb719009145dcc32b5361abf5bb4d91015dbb
SHA256: ee46bd47dbd009333a72bc752b3d38d5a87a25f90fef3d4d77515d4fd11f3c8d
SHA512: 6d02b5338e387185520c45a45434bf5e949fdfd66d484459c3e817b76fbfc50621d0fbd5e4e5f3618f02ea257b8d73a53637b7bc791cc40300e837e2de72007f
Static task: static1
Behavioral task: behavioral1
Sample: 8fcfb8f38d8607c57f08f9b39139065f.dll
Resource: win7-20220715-en
Malware Config
Extracted: gozi_ifsb
Botnet ID: 3000
C2 hosts:
  config.edge.skype.com
  37.120.206.71
  37.120.206.84
  193.106.191.163
Attributes:
  base_path: /drew/
  build: 250240
  exe_type: loader
  extension: .jlk
  server_id: 50
Extracted: gozi_ifsb
Botnet ID: 3000
C2 hosts:
  37.120.206.91
  37.120.206.95
  havefuntxmm.at
  5.42.199.57
  xerkdeoleone.at
Attributes:
  base_path: /images/
  build: 250240
  exe_type: worker
  extension: .jlk
  server_id: 50
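The two extracted configs share build 250240, extension .jlk and server_id 50 but differ in exe_type (loader vs worker) and in their C2 host lists and base_path, so a hunt over proxy logs can tell the two stages apart. The script below is an added example, not part of the sandbox report: it turns the config values listed above into network indicators and scans constructed log lines for matching beacon URLs. Two things it assumes that the report does not state: ISFB request URIs start with base_path, end with extension and carry encrypted beacon data in between (the well-known ISFB URL shape), and config.edge.skype.com is a legitimate Microsoft host that ISFB configs typically list for connectivity checks, so it is excluded from the indicators rather than blocked.

```python
"""Build network hunting indicators from the Gozi/ISFB configs extracted above."""
import ipaddress
from urllib.parse import urlsplit

# Constructed from the two config blocks in the report above.
CONFIGS = [
    {"exe_type": "loader", "base_path": "/drew/", "extension": ".jlk",
     "hosts": ["config.edge.skype.com", "37.120.206.71",
               "37.120.206.84", "193.106.191.163"]},
    {"exe_type": "worker", "base_path": "/images/", "extension": ".jlk",
     "hosts": ["37.120.206.91", "37.120.206.95", "havefuntxmm.at",
               "5.42.199.57", "xerkdeoleone.at"]},
]

# Assumption (not stated in the report): legitimate hosts that ISFB configs
# carry for connectivity checks. Traffic to them is not evidence on its own.
CONNECTIVITY_CHECK_HOSTS = {"config.edge.skype.com"}


def iocs(configs=CONFIGS):
    """Split config hosts into (ips, domains), dropping connectivity-check hosts."""
    ips, domains = set(), set()
    for cfg in configs:
        for host in cfg["hosts"]:
            if host in CONNECTIVITY_CHECK_HOSTS:
                continue
            try:
                ipaddress.ip_address(host)
                ips.add(host)
            except ValueError:
                domains.add(host)
    return sorted(ips), sorted(domains)


def classify_url(url, configs=CONFIGS):
    """Return the exe_type whose config a request URL matches, or None.

    Matches on host plus the assumed ISFB URI shape: base_path prefix,
    extension suffix, and at least one character of beacon data between them.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    for cfg in configs:
        if host not in cfg["hosts"] or host in CONNECTIVITY_CHECK_HOSTS:
            continue
        inner = len(path) - len(cfg["base_path"]) - len(cfg["extension"])
        if (path.startswith(cfg["base_path"])
                and path.endswith(cfg["extension"]) and inner > 0):
            return cfg["exe_type"]
    return None


def hunt(log_lines, configs=CONFIGS):
    """Scan whitespace-separated proxy log lines; return (line_no, exe_type, url) hits."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for token in line.split():
            if token.startswith(("http://", "https://")):
                stage = classify_url(token, configs)
                if stage:
                    hits.append((lineno, stage, token))
    return hits


# Constructed sample proxy log: two beacons, one benign Skype connectivity check,
# one unrelated request that happens to sit under an /images/ path.
SAMPLE_LOG = [
    "2022-08-03T10:12:01Z 10.0.0.5 GET http://37.120.206.91/images/Kj3aXz/9d_Q.jlk 200",
    "2022-08-03T10:12:05Z 10.0.0.5 GET https://config.edge.skype.com/config/v1/Skype 200",
    "2022-08-03T10:13:40Z 10.0.0.7 GET http://193.106.191.163/drew/U8ab/lP.jlk 200",
    "2022-08-03T10:14:02Z 10.0.0.9 GET http://example.com/images/logo.png 200",
]

if __name__ == "__main__":
    ips, domains = iocs()
    print("C2 IPs:", ", ".join(ips))
    print("C2 domains:", ", ".join(domains))
    for lineno, stage, url in hunt(SAMPLE_LOG):
        print(f"line {lineno}: {stage} beacon -> {url}")
```

The host check is deliberately paired with the path check: a request to one of these IPs under a different base_path, or to the right path on an unrelated host, is not reported, which keeps the hunt specific to this sample's configs.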
Targets
Target: 8fcfb8f38d8607c57f08f9b39139065f
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  Suspicious use of SetThreadContext: commonly used to redirect a thread's execution during process injection.