Analysis

max time kernel: 18s
max time network: 40s
platform: windows7_x64
resource: win7v20210408
submitted: 10-06-2021 14:33

Static task: static1
Behavioral task: behavioral1
Sample: xadar7.dll
Resource: win7v20210408
0 signatures
0 seconds
General

Target: xadar7.dll
Size: 388KB
MD5: 25c2e1969e16e6832b977cbad8a0d3bb
SHA1: 26f454e0fcf8437ec9af2c54f07bdde2d0b2cd7e
SHA256: 1fa8b3b4043467e12e94010460c7a141529677390a606299385c35b1d4e30a4c
SHA512: b0ac5766eb14b8e4f021ee3179d41df7398923e10add161890b95f293ec9c1e7b6237c7e72c5481121a15a58d0e36727b7d43a28b2707c13b321446105b6d353
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 6000
C2:
  authd.feronok.com
  app.bighomegl.at
Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                       pid   process       target process
  PID 1124 wrote to memory of 1360  1124  rundll32.exe  rundll32.exe
  (this same row is reported 7 times)
Downloads

memory/1360-60-0x0000000000000000-mapping.dmp
memory/1360-61-0x0000000074D91000-0x0000000074D93000-memory.dmp  Filesize: 8KB
memory/1360-63-0x0000000074520000-0x00000000745CF000-memory.dmp  Filesize: 700KB
memory/1360-62-0x0000000074520000-0x000000007452D000-memory.dmp  Filesize: 52KB
memory/1360-64-0x0000000000160000-0x0000000000161000-memory.dmp  Filesize: 4KB