Analysis
max time kernel: 432s
max time network: 436s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 27-10-2022 00:02
Static task: static1
Behavioral task: behavioral1
Sample: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061.exe
Resource: win7-20220901-en
General
Target: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061.exe
Size: 676KB
MD5: 644c7a78a572d45d8af45d94e6a57e40
SHA1: 0b3e29129dc20a87a166ade006bf8f1cbd9b8300
SHA256: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061
SHA512: 7dfbe61d11077a254d13d869b888c22d2e02b82c6ae8d75f04f7683d5eca7aecc8e00de740e094f197ae2f1ebd6319c3c162dc1e1e9c20ec36f7a2bddab3ce33
SSDEEP: 12288:Zv75bu3S23LN8wa7yelFRNuQ7TdC1ryYrKTP5uSZPnMll:J75E732wujXbzFZil
Malware Config
Extracted
gozi_ifsb
2002
test1.ru
build: 216843
dga_base_url: opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
dga_crc: 0x6f0b167a
exe_type: worker
server_id: 12
Signatures
Checks BIOS information in registry (2 TTPs, 1 IoC)
BIOS strings are often read to detect sandboxing environments: inside a virtual machine, values such as SystemBiosVersion commonly carry a hypervisor vendor string (VirtualBox, VMware, QEMU), and a sample that finds one can exit or idle before showing its real behaviour. The same key is also read by installers and inventory tools, so the read alone is a weak indicator; what matters here is its combination with the extracted Gozi/ISFB configuration above.
Processes:
Process: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061.exe
Description: Key value queried
IoC: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
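The kind of check this signature fires on, as an added illustration that is not code from the analysed sample or from the sandbox: read HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion and look for hypervisor vendor strings. The marker list and the three sample value sets are constructed for the example; the VMware-style set deliberately shows a miss, because VMware guests typically expose the vendor name in other values (VideoBiosVersion, SystemManufacturer) rather than in SystemBiosVersion, which is why evasive samples usually query several keys.

```python
"""Sandbox check via the SystemBiosVersion registry value.

Added illustration, not code from the analysed sample. On Windows it reads the
live value through winreg; elsewhere it falls back to constructed samples so
the logic can be exercised offline.
"""
from __future__ import annotations

from typing import Iterable

# Registry path as recorded in the report's IoC (NT object-manager form).
BIOS_KEY_NT = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"
# The same key in Win32 form, as passed to winreg / RegOpenKeyEx.
BIOS_SUBKEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUE = "SystemBiosVersion"

# Substrings commonly present in the BIOS strings of virtual machines.
# Constructed list for this example; real families carry their own.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN",
              "HYPER-V", "PARALLELS")


def bios_looks_virtual(values: Iterable[str], markers=VM_MARKERS) -> str | None:
    """Return the first marker found in any BIOS string, or None.

    SystemBiosVersion is REG_MULTI_SZ, so the input is a sequence of strings.
    Matching is case-insensitive; surrounding whitespace and NULs are ignored.
    """
    for raw in values:
        s = raw.strip("\x00 \t\r\n").upper()
        for m in markers:
            if m in s:
                return m
    return None


def read_system_bios_version() -> list[str] | None:
    """Read the live value on Windows; None when not on Windows or missing."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_SUBKEY) as key:
            data, kind = winreg.QueryValueEx(key, BIOS_VALUE)
    except OSError:
        return None
    if kind == winreg.REG_MULTI_SZ:
        return list(data)
    return [str(data)]


# Constructed sample values of the kind a sandbox or a bare-metal host reports.
SAMPLE_VALUES = {
    "virtualbox": ["VBOX   - 1"],
    "vmware": ["INTEL  - 6040000", "PhoenixBIOS 4.0 Release 6.0     "],
    "hardware": ["DELL   - 1072009", "1.19.0"],
}


def classify_samples(samples=SAMPLE_VALUES) -> dict[str, str | None]:
    """Run the check over each constructed sample; hit -> marker, miss -> None."""
    return {name: bios_looks_virtual(vals) for name, vals in samples.items()}


if __name__ == "__main__":
    live = read_system_bios_version()
    if live is not None:
        print("live SystemBiosVersion:", live, "->", bios_looks_virtual(live))
    for name, verdict in classify_samples().items():
        print(f"{name:11s} -> {verdict or 'no VM marker'}")
```

Sandbox operators routinely overwrite these strings with plausible OEM values, so the sandbox reports the read itself (the IoC above) rather than relying on the value the sample would have seen.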