Analysis
- max time kernel: 13s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 10-06-2021 18:20

Static task: static1
Behavioral task: behavioral1
Sample: xadar5.dll
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General
- Target: xadar5.dll
- Size: 599KB
- MD5: f65de6de03df304fa06f6908011f2713
- SHA1: 6bc18631dd4f9dac4af8e95b81a0d06aab636059
- SHA256: 8f92de808d26003355c0d9832c5a3dba3e337acae4935ccd7a37012aea681ca3
- SHA512: 56c9ce50c57c3419c046b6a928549c0f1c749eb3970eafa29e21a22cbbc477ad2138db0f1eb4e87e2a2d4c246b909e9ac8f4b4ec1604ef70a47b1bd84b1e578c
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 6000
- C2:
  - authd.feronok.com
  - app.bighomegl.at
- Attributes:
  - build: 250204
  - exe_type: loader
  - server_id: 580
- rsa_pubkey.base64
- serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 3988 wrote to memory of 2100 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 2100 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 2100 | 3988 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/2100-114-0x0000000000000000-mapping.dmp
- memory/2100-115-0x0000000073AC0000-0x0000000073ACD000-memory.dmp (Filesize: 52KB)
- memory/2100-116-0x0000000073AC0000-0x0000000073BA9000-memory.dmp (Filesize: 932KB)
- memory/2100-117-0x00000000006A0000-0x00000000006A1000-memory.dmp (Filesize: 4KB)