Malware Config
Extracted
- Family: gozi
- Botnet: 5050
- C2: mifrutty.com
- Attributes
  - base_path: /jerry/
  - build: 250260
  - exe_type: loader
  - extension: .bob
  - server_id: 50
  - rsa_pubkey.plain
  - aes.plain
Extracted
- Family: gozi
- Botnet: 5050
- C2: http://igrovdow.com
- Attributes
  - base_path: /pictures/
  - build: 250260
  - exe_type: worker
  - extension: .bob
  - server_id: 50
  - rsa_pubkey.plain
  - aes.plain
Targets
- Target: https://bazaar.abuse.ch/download/2adca18a6ba459e5325ce934d473c08a411ae5b8049ca4c37ea9b300553b1f40/
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext