General
Target: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680
Size: 308KB
Sample: 221019-3jn41sdcap
MD5: 90cf795b14a75a1a28e7abf49a0a9af0
SHA1: 93190d75a679cff026b04902c09cf31ca4082036
SHA256: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680
SHA512: 235ca280a50b28d83a70694d55ec079de215ca73008fe18a9800ed107257f2ac102b754b1ce2443e82eb0ad304eef91e2fe37ac4726a6f871cb586443cd5b830
SSDEEP: 6144:dw3kK9f9dbbmQyyTaBrlf0M+MEMcZCCKPCOBmcm8LCLI772y:S3kK9FdbNTaBpfpEMcZqCOB1DS
Static task: static1
Behavioral task: behavioral1
  Sample: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
gozi_ifsb
1020
sys.charityautoaz.com/geodata/version/ip2ext
lan.fbbcwoodwardpark.com/geodata/version/ip2ext
sys.fmacconsulting.com/geodata/version/ip2ext
supportsstats.net/geodata/version/ip2ext
build: 212578
exe_type: worker
server_id: 30
Targets
Target: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680
Size: 308KB
MD5: 90cf795b14a75a1a28e7abf49a0a9af0
SHA1: 93190d75a679cff026b04902c09cf31ca4082036
SHA256: 11c7df54e3ee750d18a5aee565d8609594e4a30b16669df135057b8f28692680
SHA512: 235ca280a50b28d83a70694d55ec079de215ca73008fe18a9800ed107257f2ac102b754b1ce2443e82eb0ad304eef91e2fe37ac4726a6f871cb586443cd5b830
SSDEEP: 6144:dw3kK9f9dbbmQyyTaBrlf0M+MEMcZCCKPCOBmcm8LCLI772y:S3kK9FdbNTaBpfpEMcZqCOB1DS
Score: 10/10
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext