General
Target: 62f24e6f4c4c7.dll
Size: 607KB
Sample: 220809-pd4qmabga4
MD5: 62cdd734fdd2d50b1f36f16dac017061
SHA1: bacbec8f116f3e5274693cf7ba6de5c83fb3d9a8
SHA256: e192656ce9c73ac7bcb4cec136378c5843e128b76cd1c021aeec274edecbf869
SHA512: 2e11dd12f87781d226824de7286237d94d3ba5e77b2c189d5a3e6418d55a4c9689e8890e2734f6476b0893253a6993dc3aca261fd11bd7d2e05760e138daa467
Static task: static1
Behavioral task: behavioral1
Sample: 62f24e6f4c4c7.dll
Resource: win7-20220718-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
79.110.52.8
79.110.52.80
193.106.191.163
base_path: /drew/
build: 250240
exe_type: loader
extension: .jlk
server_id: 50
Extracted
gozi_ifsb
3000
79.110.52.82
79.110.52.94
havefuntxmm.at
5.42.199.57
xerkdeoleone.at
base_path: /images/
build: 250240
exe_type: worker
extension: .jlk
server_id: 50
Targets
Target: 62f24e6f4c4c7.dll
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext