Analysis
- max time kernel: 27s
- max time network: 113s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 10-06-2021 20:05

Static task: static1
Behavioral task: behavioral1
Sample: soft.dll
Resource: win7v20210410
0 signatures
0 seconds
General
- Target: soft.dll
- Size: 865KB
- MD5: 5ba7ac7fa4f9e831679832b6cc22aee8
- SHA1: 813df24ac22c2666b28bc3e7fb9bd1eef2a7f395
- SHA256: d2c19ac3eace29239bf919c442556abf782da5953325ee6b2626482fbf442f29
- SHA512: a345b0749d5745640fd7908cdb142960da22ac6029bafddc0666d11eb5033756c3cfde84d2fb94dcbf418df40d2ce49ec4a18b919714402b7045b96e619a27cd
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 1500
C2:
authd.feronok.com
app.bighomegl.at
Attributes
- build: 250204
- exe_type: loader
- server_id: 580
rsa_pubkey.base64
serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2232 wrote to memory of 3480 | 2232 | rundll32.exe | rundll32.exe
PID 2232 wrote to memory of 3480 | 2232 | rundll32.exe | rundll32.exe
PID 2232 wrote to memory of 3480 | 2232 | rundll32.exe | rundll32.exe
Downloads
- memory/3480-114-0x0000000000000000-mapping.dmp
- memory/3480-116-0x0000000073590000-0x0000000073681000-memory.dmp (Filesize 964KB)
- memory/3480-115-0x0000000073590000-0x000000007359D000-memory.dmp (Filesize 52KB)
- memory/3480-117-0x0000000002390000-0x0000000002391000-memory.dmp (Filesize 4KB)