Analysis

Max time kernel: 82s
Max time network: 59s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 05-05-2021 10:28

Static task: static1
Behavioral task: behavioral1
Sample: 59767b2ac03eb8320a661f410d53a025c8975b12de796e80b1c84306200f6a75.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General

Target: 59767b2ac03eb8320a661f410d53a025c8975b12de796e80b1c84306200f6a75.dll
Size: 488KB
MD5: aaba239e1c2208a6f00bb10034cba621
SHA1: 2520815cda4b4cdf652de337d4c9285e74d2a585
SHA256: 59767b2ac03eb8320a661f410d53a025c8975b12de796e80b1c84306200f6a75
SHA512: 1c80f3ff51f5d9b53232a1d9fb10c02bf22d8fbd686b76b8c6718b11bf6e834ca5b02c19535f70cbc08ade26360d0b42c5b944d63516853fb84acc573614ad16
Malware Config (extracted)

Family: gozi_ifsb
Botnet: 2500
C2:
  app.buboleinov.com
  chat.veminiare.com
  chat.billionady.com
  app3.maintorna.com
Attributes:
  build: 250188
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)
Processes (the same event was recorded 7 times):

  Description          PID   Process       Target process  Target PID
  wrote to memory of   1104  rundll32.exe  rundll32.exe    2004
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59767b2ac03eb8320a661f410d53a025c8975b12de796e80b1c84306200f6a75.dll,#1
  PID: 1104
  Signatures: Suspicious use of WriteProcessMemory
  |
  +-- C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\59767b2ac03eb8320a661f410d53a025c8975b12de796e80b1c84306200f6a75.dll,#1
        PID: 2004