General
-
Target
1690e6dc209cf184d37b9ab4a7a66a291ae7c1e045df91c19c5036ba90b3e251
-
Size
37KB
-
Sample
220919-y6s92abffr
-
MD5
e95b96c3cdd316f1be76a3ad746f63bc
-
SHA1
63fbf324525828bb464cb2f9b793ca29bb83e9d5
-
SHA256
1690e6dc209cf184d37b9ab4a7a66a291ae7c1e045df91c19c5036ba90b3e251
-
SHA512
f6b55de10ef749fad45ef5f4e820f63e42285f94c0239dec9d049d0bd81c30ad242254e475ac33260e09b5d47e674e3e17fb73587b7220bfa9aa705dbb54f89c
-
SSDEEP
768:Q41V8UHIm2fyyr96/SNxoZC/OFYbmVvP0rhAuCzL+rZhgbtuPja1xDiMxy:QefIZfdMexoGvmQhARarEMoxDi0y
Behavioral task
behavioral1
Sample
1690e6dc209cf184d37b9ab4a7a66a291ae7c1e045df91c19c5036ba90b3e251.exe
Resource
win7-20220812-en
Malware Config
Extracted
gozi_ifsb
40000
trackingg-protectioon.cdn1.mozilla.net
45.8.158.104
188.127.224.114
weiqeqwns.com
wdeiqeqwns.com
weiqeqwens.com
weiqewqwns.com
iujdhsndjfks.com
-
base_path
/uploaded/
-
build
250240
-
exe_type
loader
-
extension
.pct
-
server_id
50
Extracted
gozi_ifsb
40000
trackingg-protectioon.cdn1.mozilla.net
45.8.158.104
188.127.224.114
weiqeqwns.com
wdeiqeqwns.com
weiqeqwens.com
weiqewqwns.com
iujdhsndjfks.com
-
base_path
/uploaded/
-
build
250246
-
exe_type
worker
-
extension
.pct
-
server_id
50
Targets
-
-
Target
1690e6dc209cf184d37b9ab4a7a66a291ae7c1e045df91c19c5036ba90b3e251
-
Size
37KB
-
MD5
e95b96c3cdd316f1be76a3ad746f63bc
-
SHA1
63fbf324525828bb464cb2f9b793ca29bb83e9d5
-
SHA256
1690e6dc209cf184d37b9ab4a7a66a291ae7c1e045df91c19c5036ba90b3e251
-
SHA512
f6b55de10ef749fad45ef5f4e820f63e42285f94c0239dec9d049d0bd81c30ad242254e475ac33260e09b5d47e674e3e17fb73587b7220bfa9aa705dbb54f89c
-
SSDEEP
768:Q41V8UHIm2fyyr96/SNxoZC/OFYbmVvP0rhAuCzL+rZhgbtuPja1xDiMxy:QefIZfdMexoGvmQhARarEMoxDi0y
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-