Analysis
max time kernel: 70s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 15-03-2021 14:13
Static task: static1
Behavioral task: behavioral1
Sample: kybe3.dll
Resource: win7v20201028
0 signatures
0 seconds
General
Target: kybe3.dll
Size: 563KB
MD5: c7eeecef364f35c1b3f56b3136d5607f
SHA1: 17b1f56ce5ffed92d7939315ebc1818157f02506
SHA256: f2059f3054bee3cb57c666b3994c0cf3aa61c981e2d70a798b5f1f43a189f20a
SHA512: 31da7d5d631dd7809e252374dded9ab47fe17875ae53a8680e1aa433dda65cbe4688f6a3d1afaca67dcb30756c988476381444e1c6e16090bb4b7278a52b6f34
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 5500
C2:
windows.update.com
shop.microsoft.com
fraloopilo.xyz
paladingrazz.xyz
Attributes:
build: 250177
dga_season: 10
exe_type: loader
server_id: 12
rsa_pubkey.base64
serpent.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: regsvr32.exe
description                        pid   process       target process
PID 3132 wrote to memory of 504    3132  regsvr32.exe  regsvr32.exe
PID 3132 wrote to memory of 504    3132  regsvr32.exe  regsvr32.exe
PID 3132 wrote to memory of 504    3132  regsvr32.exe  regsvr32.exe