General
-
Target
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80
-
Size
330KB
-
Sample
221013-wthxesgcg3
-
MD5
6a4b1cfb80bdb519dcd780cf3394de20
-
SHA1
e14344457221584f5ae03f041eeddcec1c941597
-
SHA256
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80
-
SHA512
46acb4dc1311a7e0f016f44b3c8cf1d140b65bd5de57c2566d85f0289a91e10fba9df9493c8a8ad3c838d6b4ff85c1343dcd80b24f52876f3eb2703f3a6d417f
-
SSDEEP
6144:wikrw8J6L91p9xzyohKhRcIERqcKvl9W695OHIue/Ytijm/:M8iE93jkIIEwc6l9W62Hht
Static task
static1
Behavioral task
behavioral1
Sample
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
gozi_ifsb
1010
siasecuritychecks.com
195.20.141.92
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80
-
Size
330KB
-
MD5
6a4b1cfb80bdb519dcd780cf3394de20
-
SHA1
e14344457221584f5ae03f041eeddcec1c941597
-
SHA256
95b107fed6499ed48dea071f07362a34289f5600c37a70b641e8d4676df78a80
-
SHA512
46acb4dc1311a7e0f016f44b3c8cf1d140b65bd5de57c2566d85f0289a91e10fba9df9493c8a8ad3c838d6b4ff85c1343dcd80b24f52876f3eb2703f3a6d417f
-
SSDEEP
6144:wikrw8J6L91p9xzyohKhRcIERqcKvl9W695OHIue/Ytijm/:M8iE93jkIIEwc6l9W62Hht
Score10/10-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-