General
Target: 5353.iso
Size: 418KB
Sample: 221020-pl6vysddep
MD5: 14cb7db8dbd6760facc522bee181071f
SHA1: edc0f186ee5dfb5b05d8d57d283cc49f688a6afc
SHA256: 4fc5fe464bee34e45e7d88c634a122164f0f2b3a78ae46a8d540eee17cf13647
SHA512: baeaebc0cc1680f76ea525b1cfe61f78be217cb8541553173acdb39cba1332ef437303f9b76c9f9f3f91306f9bf735f04b9e966af3a911516f2bffa84b460de9
SSDEEP: 12288:wNbMYzwhwZwcwvOqHYHHDOcYw9wi5eOlGHHHHuOUwLmwbj26rj+:QzwhwZwcwXHYHHmw9wqdGHHHHMwLmQjS
Static task: static1
Behavioral task: behavioral1 (Sample: 5353.lnk, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: 5353.lnk, Resource: win10v2004-20220812-en)
Behavioral task: behavioral3 (Sample: internee/highlighted.cmd, Resource: win7-20220901-en)
Behavioral task: behavioral4 (Sample: internee/highlighted.cmd, Resource: win10v2004-20220812-en)
Malware Config
Extracted: gozi_ifsb
- 5000
- config.edge.skype.com
- onlinetwork.top
- linetwork.top
- base_path: /drew/
- build: 250246
- exe_type: loader
- extension: .jlk
- server_id: 50
Targets

Target: 5353.lnk
Size: 1KB
MD5: ab707348e10bb475ae3da7dbc3a3e791
SHA1: d201d835c1b487addfecadccf51b09c5eac35a6c
SHA256: 3217a3d5115cd2aefb82497017ed391c9400be479e56b9a6aa0e40f66da8cdcb
SHA512: 6c9ebbb710dcbeee24432fa5f1d56c5c2473ebbc71b220780eaae825d7d3f434ad1b6d4a46ce6dafe5687155fcbf86b932852ce0f7711db85bb07128271c666a
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
Target: internee/highlighted.cmd
Size: 378B
MD5: 5ba9ba2fdc982323061d2fa8977b73e2
SHA1: 11eb965374b01c766fcb59fa1afc4ad0e9bd507d
SHA256: 9b1f31bdc9ae8596f6cbf32f213857d74aa0801caf8bcf2f3b23ac9efb0d8f29
SHA512: 9d2f56c09a3421edbe20f5a8e644557bc37a30caa0b7b1c320043d245a5147fc9dd933a662cd6969fee73fe70ae51878a0809fe4cbaa812f5fe7912eb48c1cad
Score: 1/10