Analysis
-
max time kernel
23s
-
max time network
119s
-
platform
windows10_x64
-
resource
win10v20210408
-
submitted
03-06-2021 16:05
Static task
static1
Behavioral task
behavioral1
Sample
shorefront.eps.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
shorefront.eps.dll
-
Size
384KB
-
MD5
93b0ad344d44befa41b292d0a4609e56
-
SHA1
3306d48bd1ff87555d9a8accd30583b6789d4683
-
SHA256
1da1183f1cd5f96f113a3b8978359b50380bfbc82e6987e274892edf56fcf3b5
-
SHA512
3f00ed2b35fd951f804ae8030c0eee4a1acf77234c4daf09f0b653ae5bce439209d30b2faa6d44677f75143ddb9543ef0f04a492dc34849f8b39801c986cf487
Malware Config
Extracted
Family
gozi_ifsb
Botnet
4500
C2
app.buboleinov.com
chat.veminiare.com
chat.billionady.com
app3.maintorna.com
Attributes
-
build
250188
-
exe_type
loader
-
server_id
580
rsa_pubkey.base64
serpent.plain
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process PID
PID 364 wrote to memory of 1140 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1140 | 364 | rundll32.exe | rundll32.exe
PID 364 wrote to memory of 1140 | 364 | rundll32.exe | rundll32.exe
Downloads
-
memory/1140-114-0x0000000000000000-mapping.dmp
-
memory/1140-115-0x0000000072ED0000-0x0000000072EDE000-memory.dmp
Filesize
56KB
-
memory/1140-116-0x0000000072ED0000-0x0000000073F40000-memory.dmp
Filesize
16.4MB
-
memory/1140-117-0x00000000010A0000-0x00000000010A1000-memory.dmp
Filesize
4KB