Analysis

max time kernel:  13s
max time network: 113s
platform:         windows10_x64
resource:         win10v20210410
submitted:        10-06-2021 17:23

Static task:     static1
Behavioral task: behavioral1
  Sample:   xadar8.dll
  Resource: win7v20210408 (windows7_x64)
  0 signatures, 0 seconds
General

Target: xadar8.dll
Size:   599KB
MD5:    d73b40b069792b8535ecc530a5e77942
SHA1:   7844a90b3c4c8b5ca11197bfd458025edcf0506d
SHA256: 2aba8bfb0661db54f5cd2102453b791f9bbb1418bc6cd00a2e0124f0923824e0
SHA512: bba470060653d428242afb34ae6edd83f27abb3bf5049bf401d50299681a7da735e3084b910361c35e7216ceb25ebf72429429a45b9a3b3a702a1b54b31b5592
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 6000
C2:
  authd.feronok.com
  app.bighomegl.at
Attributes:
  build:     250204
  exe_type:  loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 3988 wrote to memory of 3240   3988  rundll32.exe  rundll32.exe
  PID 3988 wrote to memory of 3240   3988  rundll32.exe  rundll32.exe
  PID 3988 wrote to memory of 3240   3988  rundll32.exe  rundll32.exe
Downloads

memory/3240-114-0x0000000000000000-mapping.dmp
memory/3240-116-0x0000000073AC0000-0x0000000073BA9000-memory.dmp  (Filesize: 932KB)
memory/3240-115-0x0000000073AC0000-0x0000000073ACD000-memory.dmp  (Filesize: 52KB)
memory/3240-117-0x0000000002ED0000-0x0000000002ED1000-memory.dmp  (Filesize: 4KB)