General
Target: 98ff05d78e476e05838f7483d6d47aa91123cabbf8b5123989bd7e2969778c61
Size: 1.1MB
Sample: 230129-zynv1sed21
MD5: 640895fa0a1c22cf32b63cdd43727225
SHA1: 6ed85dca7bbd489ed0e404337e855df3d835d0ae
SHA256: 98ff05d78e476e05838f7483d6d47aa91123cabbf8b5123989bd7e2969778c61
SHA512: bc40a3e79b9c076048b3e239f81368fde349b11e67c0daa1121a39595eafe676178d816ce354639e737f6fb94e1b84769f20296374d23e516985de5316c28f3b
SSDEEP: 24576:i30ixqmP/+GZgTXrHJB+pffKUmHaRLNW0wfpKncbBWZtxjB/s69oTGxUcbrJOBPO:i30ixj/aTXrH7+pHKUmHeLNW0wBKnc4L
Static task: static1
Behavioral task: behavioral1
Sample: 98ff05d78e476e05838f7483d6d47aa91123cabbf8b5123989bd7e2969778c61.dll
Resource: win7-20221111-en
Malware Config
Extracted: gozi
1000
- http://ey7kuuklgieop2pq.onion
- http://drunt.at
- http://news-deck.at
- http://taslks.at
build: 217107
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Suspicious use of SetThreadContext