General
Static task: static1
URLScan task: urlscan1
Malware Config

Extracted
Family: gozi

Extracted
Family: gozi
Botnet: 5050
C2: mifrutty.com
Attributes:
- base_path: /jerry/
- build: 250260
- exe_type: loader
- extension: .bob
- server_id: 50
rsa_pubkey.plain
aes.plain

Extracted
Family: gozi
Botnet: 5050
C2: http://igrovdow.com
Attributes:
- base_path: /pictures/
- build: 250260
- exe_type: worker
- extension: .bob
- server_id: 50
rsa_pubkey.plain
aes.plain
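The report viewer flattens every config key and value onto its own line, which makes the extracted data awkward to reuse. The following is an added example, not part of the original report or of any sandbox tooling, that parses that flattened layout back into records and derives hunting indicators from them: a normalized C2 URL prefix per entry (the report lists mifrutty.com without a scheme; plain HTTP is assumed, matching the scheme shown for the other C2) and a regex for sweeping proxy logs for requests under base_path that end in the configured extension. The proxy log lines at the bottom are constructed for the example.

```python
"""Parse flattened 'Extracted' Gozi config sections into records and derive
hunting indicators. Added example; not code from the report or the sandbox."""
import re
from urllib.parse import urlsplit

# Constructed input: the three 'Extracted' entries exactly as the page renders
# them, one field per line. '-' precedes each attribute key/value pair;
# rsa_pubkey.plain and aes.plain appear as names with no rendered value.
REPORT_TEXT = """\
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
mifrutty.com
Attributes
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Extracted
Family
gozi
Botnet
5050
C2
http://igrovdow.com
Attributes
-
base_path
/pictures/
-
build
250260
-
exe_type
worker
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
"""

TOP_FIELDS = {"Family", "Botnet", "C2"}  # each is followed by its value on the next line


def parse_extracted(text):
    """Return a list of dicts, one per 'Extracted' block, with lowercase top-level
    keys, an 'attributes' dict, and an 'unrendered' list for value-less names."""
    lines = [l.strip() for l in text.splitlines()]
    entries, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line == "Extracted":
            cur = {"attributes": {}}
            entries.append(cur)
            i += 1
        elif cur is None or not line or line == "Attributes":
            i += 1  # nothing to record yet / section header
        elif line in TOP_FIELDS and i + 1 < len(lines):
            cur[line.lower()] = lines[i + 1]
            i += 2
        elif line == "-" and i + 2 < len(lines):
            cur["attributes"][lines[i + 1]] = lines[i + 2]
            i += 3
        else:
            cur.setdefault("unrendered", []).append(line)  # e.g. aes.plain
            i += 1
    return entries


def c2_url_prefix(entry):
    """Scheme://host + base_path for one entry. Assumption: a bare host in the
    report means plain HTTP (the only scheme the report shows)."""
    c2 = entry["c2"]
    if "://" not in c2:
        c2 = "http://" + c2
    parts = urlsplit(c2)
    return f"{parts.scheme}://{parts.netloc}{entry['attributes'].get('base_path', '/')}"


def build_log_regex(entries):
    """Regex matching a URL on any configured C2 host, under its base_path, with
    the configured extension. Entries without a C2 (the bare Family entry) are skipped."""
    alts = []
    for e in entries:
        if "c2" not in e:
            continue
        host = urlsplit(c2_url_prefix(e)).netloc
        base = e["attributes"].get("base_path", "/")
        ext = e["attributes"].get("extension", "")
        alts.append(re.escape(host) + re.escape(base) + r"\S+" + re.escape(ext) + r"\b")
    return re.compile(r"https?://(?:" + "|".join(alts) + ")")


# Constructed proxy log lines (not real traffic): two should match, two should not.
SAMPLE_PROXY_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.5 GET http://mifrutty.com/jerry/Kx9a2Lq.bob 200",
    "2024-01-01T10:00:07Z 10.0.0.5 GET http://igrovdow.com/pictures/1a2b3c.bob 200",
    "2024-01-01T10:00:09Z 10.0.0.5 GET http://igrovdow.com/pictures/logo.png 200",
    "2024-01-01T10:00:12Z 10.0.0.9 GET http://example.org/jerry/x.bob 404",
]


def find_c2_hits(log_lines, entries):
    """Return the log lines whose URL matches the derived C2 pattern."""
    rx = build_log_regex(entries)
    return [l for l in log_lines if rx.search(l)]


if __name__ == "__main__":
    cfg = parse_extracted(REPORT_TEXT)
    for e in cfg:
        if "c2" in e:
            print(e["attributes"].get("exe_type"), c2_url_prefix(e))
    for hit in find_c2_hits(SAMPLE_PROXY_LOG, cfg):
        print("HIT", hit)
```

The regex is deliberately loose (any non-space path component before the extension) because the file name segment is generated per request; the host plus base_path plus extension is what stays stable across the loader and worker entries.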
Targets

- Target: https://bazaar.abuse.ch/download/911bb31927c7250b4741063159cccf6549e4a28ce6b0a5043d3392c7fce401e4/
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used to redirect a suspended thread into injected code (thread hijacking / process hollowing). Note that the two extracted configs above, one with exe_type loader and one with exe_type worker, share build 250260 and botnet 5050.