General
Target: f9d778ad3bfea174401f36a2d88851d8
Size: 378KB
Sample: 220809-pv673scac9
MD5: f9d778ad3bfea174401f36a2d88851d8
SHA1: fd2b30e2f029939c31c759d9fbdd5ee5242137c0
SHA256: 44026db9b82303793e896838dd9e85def8b501ec72e3b64584db38212ea312f5
SHA512: 046ee69e01fc2e64b3cf75ccfa9a0886ef4e6752f9d90e199c67b8cc9cfdf767d8235b3a638fc96782cea0ff1b278f8d36a2ea25c9a5a839c0c03d199de5175a
Static task: static1
Behavioral task: behavioral1
Sample: f9d778ad3bfea174401f36a2d88851d8.dll
Resource: win7-20220718-en
Malware Config
Extracted: gozi_ifsb
3000
config.edge.skype.com
79.110.52.8
79.110.52.80
193.106.191.163
base_path: /drew/
build: 250240
exe_type: loader
extension: .jlk
server_id: 50
Extracted: gozi_ifsb
3000
79.110.52.82
79.110.52.94
havefuntxmm.at
5.42.199.57
xerkdeoleone.at
base_path: /images/
build: 250240
exe_type: worker
extension: .jlk
server_id: 50
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext