General

Target: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5
Size: 444KB
Sample: 221019-2dqvzsbbf3
MD5: 821d6fee9e229e7481e533e89f16aa50
SHA1: c8be2a9fe9548527ca0caee94598630bf9e861e7
SHA256: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5
SHA512: 659e05514d26f5a105f1872f4acbe3334d7065f1a4b3278da401dbd079ee4cb7ee8602508efefa718bd801e0db08b052f19af6bba18027ceb1c48c5ee0e32e8b
SSDEEP: 12288:qBlWJRQJ/D+iJIicarPZM6YZbDYDKCIrBBz6Ff0:qBQRQJ/ilAd3YYBIl1n
Static task: static1

Behavioral task: behavioral1
  Sample: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: gozi_ifsb
2000
C2:
  newlinecinema130.ru
  freechat15.ru
  messenger9.ru
  weatherwidget.ru
  trafficzone.ru
  adsanalytics.ru
  adsbanner.ru
  okallright.ru
build: 212453
exe_type: worker
server_id: 93
Targets

Target: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5
Size: 444KB
MD5: 821d6fee9e229e7481e533e89f16aa50
SHA1: c8be2a9fe9548527ca0caee94598630bf9e861e7
SHA256: 7da58be3aca05b82aa53698767c26840a09db56ad8de584a702ab640f8ee39e5
SHA512: 659e05514d26f5a105f1872f4acbe3334d7065f1a4b3278da401dbd079ee4cb7ee8602508efefa718bd801e0db08b052f19af6bba18027ceb1c48c5ee0e32e8b
SSDEEP: 12288:qBlWJRQJ/D+iJIicarPZM6YZbDYDKCIrBBz6Ff0:qBQRQJ/ilAd3YYBIl1n
Score: 10/10
Modifies Installed Components in the registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Suspicious use of SetThreadContext
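As an added example (not part of the sandbox report or of the sample), the following Python hunts across normalised endpoint telemetry for the indicators this report surfaces together: DNS resolution of the extracted C2 domains (including subdomains, and without the suffix-match false positive), a write under a Run key, a read of the configured country under Control Panel\International\Geo, and SetThreadContext aimed at a different process. The domain list is the report's; the event schema, the Geo key path as the meaning of "checks computer location settings", and the cross-process rule for SetThreadContext are assumptions, and the events are constructed, not sandbox output.

```python
"""Hunt for the indicators in this report across normalised endpoint telemetry."""
from collections import defaultdict

# C2 domains taken from the report's extracted gozi_ifsb config.
C2_DOMAINS = frozenset({
    "newlinecinema130.ru", "freechat15.ru", "messenger9.ru",
    "weatherwidget.ru", "trafficzone.ru", "adsanalytics.ru",
    "adsbanner.ru", "okallright.ru",
})

# Per-user and per-machine autostart keys ("Adds Run key to start application").
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)
# Assumption: "checks computer location settings" is read as a lookup of the
# configured country (GeoID) under Control Panel\International\Geo. The report
# does not name the key, so this path is the example's guess, not its finding.
GEO_KEY = r"hkcu\control panel\international\geo"


def domain_matches(query, iocs=C2_DOMAINS):
    """True if `query` is an IOC domain or a subdomain of one.

    Case-insensitive, tolerates a trailing dot, and requires a label boundary so
    that e.g. notadsbanner.ru does not match adsbanner.ru.
    """
    q = query.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in iocs)


def classify(event):
    """Return the detection tags one normalised event triggers (possibly none)."""
    tags = []
    kind = event.get("type")
    if kind == "dns_query" and domain_matches(event["query"]):
        tags.append("gozi_c2_dns")
    elif kind == "registry_set":
        key = event["key"].lower()
        if any(key.startswith(run) for run in RUN_KEYS):
            tags.append("run_key_persistence")
    elif kind == "registry_read" and event["key"].lower().startswith(GEO_KEY):
        tags.append("geo_lookup_possible_geofence")
    elif kind == "api_call" and event.get("api") == "SetThreadContext":
        # Assumption: rewriting a thread context in *another* process is the
        # suspicious case (injection); calls against the caller's own pid are
        # common in legitimate code and are not flagged here.
        if event.get("target_pid") != event["pid"]:
            tags.append("remote_setthreadcontext")
    return tags


def hunt(events):
    """Map pid -> sorted list of tags; a process hitting several is high confidence."""
    hits = defaultdict(set)
    for ev in events:
        for tag in classify(ev):
            hits[ev["pid"]].add(tag)
    return {pid: sorted(tags) for pid, tags in hits.items()}


# Constructed sample telemetry (not sandbox output). pid 4120 mimics the
# behaviours listed in the report; pid 900 is benign background noise.
SAMPLE_EVENTS = [
    {"type": "dns_query", "pid": 4120, "query": "NewLineCinema130.ru."},
    {"type": "dns_query", "pid": 4120, "query": "api.adsanalytics.ru"},
    {"type": "dns_query", "pid": 900, "query": "notadsbanner.ru"},
    {"type": "registry_read", "pid": 4120,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"type": "api_call", "pid": 4120, "api": "SetThreadContext", "target_pid": 5004},
    {"type": "api_call", "pid": 900, "api": "SetThreadContext", "target_pid": 900},
]

if __name__ == "__main__":
    for pid, tags in sorted(hunt(SAMPLE_EVENTS).items()):
        print(pid, ", ".join(tags))
```

On the constructed events only pid 4120 is reported, with all four tags; the look-alike domain and the self-targeted SetThreadContext from pid 900 produce nothing. In production the same `classify` would run over Sysmon event IDs 22 (DNS), 12/13 (registry) and API telemetry from an EDR, after mapping each source into the small dict schema used here.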