General
Target: manIf.db
Size: 351KB
Sample: 220825-y736maaehk
MD5: 60375d64a9a496e220b6eb1b63e899b3
SHA1: d1b2dd93026b83672118940df78a41e2ee02be80
SHA256: 8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de
SHA512: 94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f
SSDEEP: 6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx
Static task: static1
Behavioral task: behavioral1
Sample: manIf.dll
Resource: win7-20220812-en
Malware Config
Extracted: gozi_ifsb
3000
config.edge.skype.com
superstarts.top
superlist.top
internetcoca.in
193.106.191.163
base_path: /drew/
build: 250240
exe_type: loader
extension: .jlk
server_id: 50
Extracted: gozi_ifsb
3000
superliner.top
superlinez.top
internetlined.com
internetlines.in
medialists.su
medialists.ru
mediawagi.info
mediawagi.ru
5.42.199.83
denterdrigx.com
and
digserchx.at
base_path: /images/
build: 250240
exe_type: worker
extension: .jlk
server_id: 50
Targets
Target: manIf.db
Size: 351KB
MD5: 60375d64a9a496e220b6eb1b63e899b3
SHA1: d1b2dd93026b83672118940df78a41e2ee02be80
SHA256: 8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de
SHA512: 94dd11ffac54db7301572688958a7e8c0a8486a614370dc5e78a0148c31bfbdc856dc8313ea8b06e0ed6d7e57b45e649af72bba56723b96e1269dfec5e0dcc5f
SSDEEP: 6144:S5UwskH5M4JuJAGEshm9uu7tDC/vjalCX6hBydwErnZJ2hVmv3Itrfq/mENG1w2O:oUwJHGYTZhVyYtmNNEw2nSl5rrPZh5Mx
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext