General

Target: de00c4750accf516704b8c0df265c24a
Size: 300KB
Sample: 220803-thgh4sche6
MD5: de00c4750accf516704b8c0df265c24a
SHA1: eddbc6019ec7ba82d3c5b4c59efe797ff1df9f75
SHA256: 7dae6d6fb339b6114ffdd3c0b6bcaa2c9dab0a73979fec029801e9e16d7d06bc
SHA512: b0e6bbbdae36bd81f63dbab9296515d3a389fa6acb397476058ae202e66026ca8dc523fb35c6b7145a87d6e61e3833e396873e61e733152ccbaa39387bada96f
Static task: static1
Behavioral task: behavioral1
Sample: de00c4750accf516704b8c0df265c24a.dll
Resource: win7-20220715-en
Malware Config

Two gozi_ifsb configurations were extracted from the sample: one for the loader stage and one for the worker stage. Both carry the same build (250240), server_id (50) and extension (.jlk) and differ only in their C2 hosts and base_path, which is consistent with a loader and the worker it stages belonging to the same campaign.

Extracted (1 of 2)
Family: gozi_ifsb
Version: 3000
C2:
  config.edge.skype.com
  37.120.206.71
  37.120.206.84
  193.106.191.163
Attributes:
  base_path: /drew/
  build: 250240
  exe_type: loader
  extension: .jlk
  server_id: 50

Extracted (2 of 2)
Family: gozi_ifsb
Version: 3000
C2:
  37.120.206.91
  37.120.206.95
  havefuntxmm.at
  5.42.199.57
  xerkdeoleone.at
Attributes:
  base_path: /images/
  build: 250240
  exe_type: worker
  extension: .jlk
  server_id: 50

Caveat before turning this into a blocklist: config.edge.skype.com is a legitimate Microsoft host. Gozi/ISFB configurations routinely list a legitimate domain next to the real C2 hosts, typically as a connectivity check, so it should be dropped from indicator lists rather than blocked. The remaining IPs and the two .at domains are the actionable network indicators; the URI pattern a bot builds from base_path plus extension (/drew/ and /images/ followed by a name ending in .jlk) is the actionable host-independent one.
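The extracted configs above are only useful once they are turned into indicators. The following script is an added example, not part of the sandbox report or any Triage tooling: it parses a constructed copy of the two flattened "Extracted" blocks shown above (same values, same order), separates real C2 hosts from the Skype connectivity-check domain, derives the URI pattern each config produces from base_path and extension, and emits a Suricata HTTP rule for it. The report-text format it parses, the decoy list, the GoziConfig field names and the sid values are all assumptions made for the example.

```python
"""Turn Triage-style flattened Gozi/ISFB config output into IOCs and rules.

Added example: not the sandbox's code. The input format below mirrors the
flattened key/value listing in this report (an assumption, not a Triage API).
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Constructed copy of the two "Extracted" blocks from the report above.
REPORT_TEXT = "\n".join([
    "Extracted", "gozi_ifsb", "3000", "config.edge.skype.com", "37.120.206.71",
    "37.120.206.84", "193.106.191.163", "-", "base_path", "/drew/", "-", "build",
    "250240", "-", "exe_type", "loader", "-", "extension", ".jlk", "-", "server_id", "50",
    "Extracted", "gozi_ifsb", "3000", "37.120.206.91", "37.120.206.95", "havefuntxmm.at",
    "5.42.199.57", "xerkdeoleone.at", "-", "base_path", "/images/", "-", "build", "250240",
    "-", "exe_type", "worker", "-", "extension", ".jlk", "-", "server_id", "50",
]) + "\n"

# Legitimate domains Gozi configs carry as connectivity checks; assumed list
# for this example, extend it from your own corpus.
BENIGN_DECOYS = {"config.edge.skype.com"}


@dataclass
class GoziConfig:
    family: str
    version: str
    c2: list[str] = field(default_factory=list)
    attrs: dict[str, str] = field(default_factory=dict)

    def url_pattern(self) -> str:
        """URI shape the bot requests: base_path, a name, then the extension."""
        return f"{self.attrs.get('base_path', '/')}*{self.attrs.get('extension', '')}"

    def real_c2(self) -> list[str]:
        """C2 hosts with known connectivity-check decoys removed."""
        return [h for h in self.c2 if h not in BENIGN_DECOYS]


def parse_configs(text: str) -> list[GoziConfig]:
    """Split the listing on each 'Extracted' header and parse one config per block."""
    configs: list[GoziConfig] = []
    for block in re.split(r"^Extracted\n", text, flags=re.M):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue  # text before the first header
        cfg = GoziConfig(family=lines[0], version=lines[1])
        rest = lines[2:]
        i = 0
        while i < len(rest) and rest[i] != "-":  # hosts run up to the first "-"
            cfg.c2.append(rest[i])
            i += 1
        while i < len(rest):  # then "-", key, value triples
            if rest[i] == "-":
                i += 1
                continue
            cfg.attrs[rest[i]] = rest[i + 1]
            i += 2
        configs.append(cfg)
    return configs


def iocs(configs: list[GoziConfig]) -> tuple[list[str], list[str]]:
    """Deduplicated (ip_list, domain_list) across all configs, decoys excluded."""
    ips: set[str] = set()
    domains: set[str] = set()
    for cfg in configs:
        for host in cfg.real_c2():
            try:
                ipaddress.ip_address(host)
                ips.add(host)
            except ValueError:
                domains.add(host)
    return sorted(ips, key=ipaddress.ip_address), sorted(domains)


def suricata_rule(cfg: GoziConfig, sid: int) -> str:
    """HTTP URI rule for the config's fetch pattern; sid is an example value."""
    bp, ext, kind = cfg.attrs["base_path"], cfg.attrs["extension"], cfg.attrs["exe_type"]
    return (f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Gozi/ISFB {kind} '
            f'build {cfg.attrs["build"]} URI"; http.uri; content:"{bp}"; startswith; '
            f'content:"{ext}"; endswith; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_TEXT)
    ip_list, domain_list = iocs(cfgs)
    print("IPs:", ip_list)
    print("Domains:", domain_list)
    for n, cfg in enumerate(cfgs):
        print(cfg.attrs["exe_type"], cfg.url_pattern())
        print(suricata_rule(cfg, 1000001 + n))
```

The URI rule on its own is noisy: /images/ followed by a file name is a common benign path, so pair it with the host indicators or the .jlk extension in a wider hunt before alerting on it in production.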
Targets
Target: de00c4750accf516704b8c0df265c24a (300KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence. Gozi/ISFB samples that do this typically refuse to run on hosts whose locale matches an excluded region, so a sandbox configured with such a locale would show no network activity and yield no extracted config.
  Suspicious use of SetThreadContext: the API is legitimate, but calling it on another process's thread is the usual final step of thread hijacking or process hollowing, which is the expected behaviour of a loader stage that has to get the worker stage into a host process. Treat SetThreadContext on a foreign thread, especially after WriteProcessMemory into the same process, as a strong injection signal.