Resubmissions
06-10-2023 00:32
231006-avxlbaac38 1006-10-2023 00:31
231006-at7pwsgb5s 1005-10-2023 16:10
231005-tmvxasec87 10Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
05-10-2023 16:10
Static task
static1
Behavioral task
behavioral1
Sample
7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6.exe
Resource
win7-20230831-en
General
-
Target
7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6.exe
-
Size
304KB
-
MD5
a3f4c907a088c99a8b7bf5f4280d7d0c
-
SHA1
9a9297bd0af1c008eb7477c1e310ce70c30c6d56
-
SHA256
7665e793186c3c83ec2c2c69adaee5e81ec60d395d8714921352296a5ab88ae6
-
SHA512
106a0a4275a421a6dbef6c43e76921e6eae1aca5f6d960f823763a3127b7ebf826c626da460db82451aba4a94c32c8c198d6871b0a2c6de7d96c937384e92f9b
-
SSDEEP
6144:Oo+91vDNpa6NK56upTHirwtc3nhBvjQOR/Oz2IHTN+:ONDLu4K56u1HqfhBvjQOWz2W
Malware Config
Extracted
gozi
Extracted
gozi
5050
mifrutty.com
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
Signatures
-
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource yara_rule behavioral1/memory/2804-1-0x0000000000090000-0x000000000009C000-memory.dmp dave