Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    24-11-2020 10:57

General

  • Target

    5fbce6bbc8cc4png.dll

  • Size

    114KB

  • MD5

    df765ccd4b1c44dade295ab32b43a73e

  • SHA1

    f32ebd4b964d06f350207ee84d041f1c83a79142

  • SHA256

    184a4559b5b36330ba844ca4cd9408aed2f38290bf4cb8ad3ba6e129423a0bd0

  • SHA512

    eeab6e97190411e37ff95d641b508c98a22c1a9408a7e4c03502d0a85db012977eb8f0e400d2039e71c24511a82d32bcd138c2504bcd4dfd94f21e54d42646d4

Score
10/10

Malware Config

Signatures

  • Gozi, Gozi ISFB

    Gozi ISFB is a well-known and widely distributed banking trojan.

  • Modifies Internet Explorer settings 1 TTPs 87 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5fbce6bbc8cc4png.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\5fbce6bbc8cc4png.dll
      2⤵
        PID:384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4084 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:588
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2840
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3888
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3888 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1532

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry
    1
    T1112

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
    MD5

    698e23ad6f0981f304b600a3f8b29caa

    SHA1

    d92e3d3fee4358285023c8050abda8507fed03a8

    SHA256

    fc3572479f77a6b8e73d9a230e2fa229637466982ec3c36f744d663935cd568a

    SHA512

    803411d5b8ac1728787aa2fabf411d52cc3ea666ae9f2c8aa2fcab2e9c46712fdc453e951b16c2bef33b5020718793aff9bb90a52ac63e249ddf960d40d14be3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
    MD5

    8f3dde2f939d5f50bd01430f6d5cf03d

    SHA1

    43de0a3cbc1e4ea92f4ed3494aaca6de4a53be58

    SHA256

    10349c1a37337e3ed7ad243b0c4c4a1232a0b8210bc83298c566706976e2a2b4

    SHA512

    1dcad075dc6f448ac923c2eccfbafbdd85c087e5dab85dbb81e5d1303e165fc173f369f4784fb6365a136ddf1c7e2847fd756909bb6d062b4d9821474507b05b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ygi6rqc\imagestore.dat
    MD5

    9240d337ca1b1b591e88314cefd19e33

    SHA1

    c4232e43a9500e15916c4f35c19fcf59b4974a15

    SHA256

    a3f5cf29bce3aaddb936567441b91c89b95a2cd3c8a97bdad902b73f453b9013

    SHA512

    2f3a60a41a1ab1fc282b67f9d52fd4d78f2db245ddfe3a294dd7f4707dac0644b769184e9fa0ad01ab34419b2f8a67cab3dd5328e9122a1c5d825d55d3eda942

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RW8YYLAG\robot[1].png
    MD5

    4c9acf280b47cef7def3fc91a34c7ffe

    SHA1

    c32bb847daf52117ab93b723d7c57d8b1e75d36b

    SHA256

    5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7

    SHA512

    369d5888e0d19b46cb998ea166d421f98703aec7d82a02dc7ae10409aec253a7ce099d208500b4e39779526219301c66c2fd59fe92170b324e70cf63ce2b429c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UOAPEAJQ\googlelogo_color_150x54dp[1].png
    MD5

    9d73b3aa30bce9d8f166de5178ae4338

    SHA1

    d0cbc46850d8ed54625a3b2b01a2c31f37977e75

    SHA256

    dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

    SHA512

    8e55d1677cdbfe9db6700840041c815329a57df69e303adc1f994757c64100fe4a3a17e86ef4613f4243e29014517234debfbcee58dab9fc56c81dd147fdc058

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y7D6M65U.cookie
    MD5

    9a92c77309da25405ca6c13f086bf19a

    SHA1

    35622c172648a05ec166c8e11016a9238cf8fb92

    SHA256

    4568ede034521776d48aada333a447b6002644dae42864f5426189e2435b6741

    SHA512

    73c620067ef9292ec6f6ae76a6c6aa04e38ede970dfc8ae10410a2d382f4013466c6cd3cfc3a47d2bb8b825e5c45da68b6a228bd87ce635e12d70a5c10250a0a

  • memory/384-0-0x0000000000000000-mapping.dmp
  • memory/588-1-0x0000000000000000-mapping.dmp
  • memory/1532-13-0x0000000000000000-mapping.dmp
  • memory/2576-2-0x0000000000000000-mapping.dmp
  • memory/2840-8-0x000000000F640000-0x000000000F650000-memory.dmp
    Filesize

    64KB

  • memory/2840-11-0x000000000FC50000-0x000000000FC60000-memory.dmp
    Filesize

    64KB

  • memory/2840-12-0x000000000F640000-0x000000000F650000-memory.dmp
    Filesize

    64KB

  • memory/2840-10-0x000000000FC50000-0x000000000FC60000-memory.dmp
    Filesize

    64KB

  • memory/2840-9-0x000000000F640000-0x000000000F650000-memory.dmp
    Filesize

    64KB

  • memory/2840-5-0x0000000000000000-mapping.dmp