Overview

overview

10

Static

static

kybe4.dll

windows7_x64

10

kybe4.dll

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-03-2021 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kybe4.dll

  • Size

    563KB

  • MD5

    31a9651f386ed20b3dd3bda2d6177cca

  • SHA1

    92fb6d44f25339ae1f12c0a57071685b37d2f823

  • SHA256

    075ad31d8864e79876674c468a4a0f381ab9ce29559db21aad32e10ba8216fa1

  • SHA512

    bd916da067cc36300f303397e274802d3cc11524d7b0b3ab547bd737cf75d5c8cb67f273b1958220296200d5b08a8675bb4d305896f1811a8110f49df923b9c9

Score
10/10
gozi_ifsb5500bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz
Attributes
  • build

    250177

  • dga_season

    10

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.base64
serpent.plain

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\kybe4.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\kybe4.dll
      2⤵
        PID:1904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/528-2-0x000007FEFC3C1000-0x000007FEFC3C3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1904-3-0x0000000000000000-mapping.dmp
      Download
    • memory/1904-4-0x0000000075D01000-0x0000000075D03000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1904-5-0x0000000074F60000-0x0000000074F6F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/1904-6-0x0000000000210000-0x0000000000211000-memory.dmp
      Filesize

      4KB

      Download