Analysis
max time kernel: 24s
max time network: 10s
platform: windows7_x64
resource: win7v20210410
submitted: 03-06-2021 16:05
Static task: static1
Behavioral task: behavioral1
Sample: shorefront.eps.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: shorefront.eps.dll
Size: 384KB
MD5: 93b0ad344d44befa41b292d0a4609e56
SHA1: 3306d48bd1ff87555d9a8accd30583b6789d4683
SHA256: 1da1183f1cd5f96f113a3b8978359b50380bfbc82e6987e274892edf56fcf3b5
SHA512: 3f00ed2b35fd951f804ae8030c0eee4a1acf77234c4daf09f0b653ae5bce439209d30b2faa6d44677f75143ddb9543ef0f04a492dc34849f8b39801c986cf487
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 4500
C2:
  app.buboleinov.com
  chat.veminiare.com
  chat.billionady.com
  app3.maintorna.com
Attributes:
  build: 250188
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid   process        target process
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
PID 484 wrote to memory of 1932    484   rundll32.exe   rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1932-60-0x0000000000000000-mapping.dmp
memory/1932-61-0x0000000075EF1000-0x0000000075EF3000-memory.dmp (Filesize: 8KB)
memory/1932-62-0x0000000071E20000-0x0000000071E2E000-memory.dmp (Filesize: 56KB)
memory/1932-63-0x0000000071E20000-0x0000000072E90000-memory.dmp (Filesize: 16.4MB)
memory/1932-64-0x0000000000160000-0x0000000000161000-memory.dmp (Filesize: 4KB)