Analysis
- max time kernel: 119s
- max time network: 166s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 10-06-2021 19:02

Static task: static1
Behavioral task: behavioral1
- Sample: xadar2.dll
- Resource: win7v20210410
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: xadar2.dll
- Size: 599KB
- MD5: 19baa9539543713cae4729f6e8b391a4
- SHA1: 3b0e1f27ea4987c1351f7a3c2bfef42bca29968a
- SHA256: 7a37e6d1d52cc4dc8a62bc34bdf3d6af44685ef6ea57bbf7c37cc724b4453d57
- SHA512: 1395689dee159553a52d1858eb0f71295163ef24c1c926b2a24c22afb853a08efe5f3d21cae79dfb95147261ac3dc470096f9c99190dce634aa4891e655a1910
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 6000
- C2:
  - authd.feronok.com
  - app.bighomegl.at
Attributes
- build: 250204
- exe_type: loader
- server_id: 580
- rsa_pubkey.base64
- serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                      | pid  | process      | target process
---------------------------------|------|--------------|----------------
PID 1668 wrote to memory of 2044 | 1668 | rundll32.exe | rundll32.exe

(The same row is recorded 7 times, one per IoC.)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/2044-59-0x0000000000000000-mapping.dmp
- memory/2044-60-0x00000000753B1000-0x00000000753B3000-memory.dmp (Filesize: 8KB)
- memory/2044-62-0x0000000074B10000-0x0000000074BF9000-memory.dmp (Filesize: 932KB)
- memory/2044-61-0x0000000074B10000-0x0000000074B1D000-memory.dmp (Filesize: 52KB)
- memory/2044-63-0x0000000000160000-0x0000000000161000-memory.dmp (Filesize: 4KB)