General
- Target: 63297b019069d.pdf
- Size: 504KB
- Sample: 220920-kgs13sgafm
- MD5: d9af455fda42e5338a154d5b6abbce7c
- SHA1: 27023986e041140313474bb255f0dc1be03ac277
- SHA256: 3d37a039f510721efc2a3b8970ec02bb1805459acf9f898c490f9417972987bf
- SHA512: 75ed1c03027051d7838911b65948d5854bfb857598dc5cf739ed19bad49e85237c75b76ab7de17b1f91b43a88b00a91f441b17c8db93aa23ad3c17fbe937621e
- SSDEEP: 6144:/EZjSPANWjOuuPdo4JrNOiduRVBVSjcdZ0nPjlv7oppo7490BszloJ5ICZO/+:KdlJOkuRVfa48LljoppoE90Co5dL
- Static task: static1
- Behavioral task: behavioral1
- Sample: 63297b019069d.dll
- Resource: win7-20220812-en
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
89.41.26.99
89.45.4.102
193.106.191.163
interstarts.top
superlist.top
internetcoca.in
- base_path: /drew/
- build: 250246
- exe_type: loader
- extension: .jlk
- server_id: 50
Extracted
gozi_ifsb
3000
interliner.top
interlinel.top
superliner.top
superlinez.top
internetlined.com
internetlines.in
medialists.su
medialists.ru
mediawagi.info
mediawagi.ru
89.41.26.90
89.41.26.93
denterdrigx.com
digserchx.at
- base_path: /images/
- build: 250246
- exe_type: worker
- extension: .jlk
- server_id: 50
Targets
- Target: 63297b019069d.pdf
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext