General
Target: 3472bce1e2a03730287a029d6ab2aa729b9b8f114cac43989272094af26ef404
Size: 1.1MB
Sample: 230129-zyvzbsch95
MD5: 9ebb3e24459bd86f749f01523fae652d
SHA1: cc8d16513038fb2b43798571f5c2591ee91f097e
SHA256: 3472bce1e2a03730287a029d6ab2aa729b9b8f114cac43989272094af26ef404
SHA512: f013bbad5bc4ee88a83dd98421d22ad58d55fa03cef4833471867daaf0059716c2feca4909530f0829c2f7c180d2524ef5053567f146724426049473660ff677
SSDEEP: 24576:i30ixqmP/+GZgTXrHJB+pffKUmHaRLNW0wfpKncbBWZtxjB/s69wTGxUcbrJOBPO:i30ixj/aTXrH7+pHKUmHeLNW0wBKnc4z

Static task: static1
Behavioral task: behavioral1
Sample: 3472bce1e2a03730287a029d6ab2aa729b9b8f114cac43989272094af26ef404.dll
Resource: win7-20221111-en
Malware Config
Extracted: gozi
1000
http://ey7kuuklgieop2pq.onion
http://drunt.at
http://news-deck.at
http://taslks.at
build: 217107
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
Target: 3472bce1e2a03730287a029d6ab2aa729b9b8f114cac43989272094af26ef404
Signatures:
Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Suspicious use of SetThreadContext