Analysis
- max time kernel: 3s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 13-02-2021 15:46

Static task: static1
Behavioral task: behavioral1
- Sample: 3338.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: 3338.dll
- Size: 93KB
- MD5: 913c77883aa2e28ec98e5cf86d6fc2cb
- SHA1: 5a5c60b32770cb4654269a812d07e13767ad7ed6
- SHA256: ae55975bd40147ab3b9a02f1e2e0279f714bce9845d26ace252cd590a42d733d
- SHA512: 8722b1958bdea7c23073d4f26c8f47221244ff44d243d253948a48d3635b5c96131078cb867e3f83f6cfdb4800c26ca4da9b4c12ce56219591b5c716ba058bf9
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 3300
- C2:
  - api10.laptok.at/api1
  - golang.feel500.at/api1
  - go.in100k.at/api1
- Attributes:
  - build: 250171
  - dga_base_url: constitution.org/usdeclar.txt
  - dga_crc: 0x4eb7d2ca
  - dga_season: 10
  - dga_tlds: com, ru, org
  - exe_type: loader
  - server_id: 730
- Extracted files: rsa_pubkey.base64, serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                        pid   process        target process
  PID 644 wrote to memory of 2004    644   rundll32.exe   rundll32.exe
  (this entry is repeated 7 times in the report, one per IoC)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/2004-3-0x00000000765E1000-0x00000000765E3000-memory.dmp (Filesize: 8KB)
- memory/2004-2-0x0000000000000000-mapping.dmp
- memory/2004-4-0x0000000002120000-0x0000000004133000-memory.dmp (Filesize: 32.1MB)
- memory/2004-5-0x0000000010000000-0x0000000012013000-memory.dmp (Filesize: 32.1MB)