General
-
Target
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b
-
Size
687KB
-
Sample
221020-p6leraecen
-
MD5
4df1e1ac54aeaf343dad49b162114f20
-
SHA1
7f9b44be1817fcbd64aedb70e42f4f5024b316f0
-
SHA256
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b
-
SHA512
452d0b770e0f27e187913f846406bd218cf6cd4bae1918cdb14c3f1e983e28241cf913171bc36f178f98d2641bbb508de24b9b4cb9d2494fe9e1aff1193be246
-
SSDEEP
12288:EgvBq3lYqM7XCnb1F0pRi9QwnUevN34uyulBw7acvaGZCnkKuvo:r8WqMen5FWMibuNIMlGacvaG3Kuo
Static task
static1
Behavioral task
behavioral1
Sample
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
gozi_ifsb
3000
unikymprogress.ru
ferarirecord.ru
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b
-
Size
687KB
-
MD5
4df1e1ac54aeaf343dad49b162114f20
-
SHA1
7f9b44be1817fcbd64aedb70e42f4f5024b316f0
-
SHA256
f1092a2bf5184f81e6a33aee8fdc8c854dbe40f2f3a3d50e4cbb2cc1c0fe594b
-
SHA512
452d0b770e0f27e187913f846406bd218cf6cd4bae1918cdb14c3f1e983e28241cf913171bc36f178f98d2641bbb508de24b9b4cb9d2494fe9e1aff1193be246
-
SSDEEP
12288:EgvBq3lYqM7XCnb1F0pRi9QwnUevN34uyulBw7acvaGZCnkKuvo:r8WqMen5FWMibuNIMlGacvaG3Kuo
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-