Analysis
max time kernel: 93s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 10-03-2021 21:13
Static task: static1
Behavioral task: behavioral1
Sample: 33.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: 33.dll
Size: 170KB
MD5: b70bb01648a76dd8545fd12ec53b9ce7
SHA1: 78a6919ffa9a86d8e85f248ce6435754b4d6f60b
SHA256: 4713834ea4f17e583ce824f4c2ee391cafac251d6f0d64a5234b417ac593094b
SHA512: fe6eb27d690d3d2bd9771408588c34d6287514d6247e034e9f009ecef8f1bc41cb76ed9a42d8ab3b57cb3cfa1ec24a501b5532b27c5eba55369ed2e0dc1389e3
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 3300
C2:
api10.laptok.at/api1
golang.feel500.at/api1
go.in100k.at/api1
Attributes
build: 250180
exe_type: loader
server_id: 730
rsa_pubkey.base64
serpent.plain
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: regsvr32.exe
description                         pid   process       target process
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe
PID 1648 wrote to memory of 1432    1648  regsvr32.exe  regsvr32.exe