Analysis
Max time kernel: 20s
Max time network: 126s
Platform: windows10_x64
Resource: win10v20210410
Submitted: 14-06-2021 19:31
Static task: static1
Behavioral task: behavioral1
Sample: Selkirk.ttf.dll
Resource: win7v20210408 (windows7_x64)
Result: 0 signatures, 0 seconds
General
Target: Selkirk.ttf.dll
Size: 374KB
MD5: 81127b25e86fc1c34d4b3c234bbb7650
SHA1: 97e8acc57e840ccc2a5caec350b69560f9d64abe
SHA256: 3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
SHA512: c2dcf05d65baaab85309d912dbfe01193a99ab0ac6a06ab361edab95a2dc246e56dc782e7c5235a541b8dea62a1b9c86f6211a0a7e6b6a2d197066d010d02d3d
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 4500
C2:
authd.feronok.com
app.bighomegl.at
Attributes
build: 250204
exe_type: loader
server_id: 580
rsa_pubkey.base64
serpent.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process       target process
PID 3872 wrote to memory of 4028   3872  rundll32.exe  rundll32.exe
PID 3872 wrote to memory of 4028   3872  rundll32.exe  rundll32.exe
PID 3872 wrote to memory of 4028   3872  rundll32.exe  rundll32.exe
All three writes originate from the rundll32.exe instance with PID 3872 and land in a second rundll32.exe instance, PID 4028, which is also the process the memory dumps in the Downloads list were taken from. A write into another process's address space between two otherwise identical host processes is the pattern expected of code injection into the second instance, not of a process modifying its own memory.
Downloads
memory/4028-114-0x0000000000000000-mapping.dmp
memory/4028-116-0x00000000739F0000-0x0000000073A95000-memory.dmp (660KB)
memory/4028-115-0x00000000739F0000-0x00000000739FD000-memory.dmp (52KB)
memory/4028-117-0x00000000031F0000-0x00000000031F1000-memory.dmp (4KB)
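The WriteProcessMemory rows above arrive as one flattened line, and the dump names encode the process and address range they were taken from. The following Python is an added example, not part of the sandbox report or of any sandbox's own tooling: it parses rows in that format into structured write events, flags writes whose source and target PIDs differ, recomputes each dump region's size from its address range and checks it against the size the report lists, and links the dumps back to the process that was written into. The IoC lines and dump names embedded in it are constructed copies of the values shown above; the class and function names are the example's own.

```python
"""Parse Triage-style WriteProcessMemory IoC rows and memory-dump file names
into records, flag cross-process writes, and tie dumps to the written-into
process. Sample strings are constructed from the report; nothing is fetched."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed from the report: the three IoC rows, one per line.
IOC_LINES = """\
PID 3872 wrote to memory of 4028 3872 rundll32.exe rundll32.exe
PID 3872 wrote to memory of 4028 3872 rundll32.exe rundll32.exe
PID 3872 wrote to memory of 4028 3872 rundll32.exe rundll32.exe
"""

# Constructed from the report's Downloads list: (file name, reported size or None).
DUMPS: List[Tuple[str, Optional[str]]] = [
    ("memory/4028-114-0x0000000000000000-mapping.dmp", None),
    ("memory/4028-116-0x00000000739F0000-0x0000000073A95000-memory.dmp", "660KB"),
    ("memory/4028-115-0x00000000739F0000-0x00000000739FD000-memory.dmp", "52KB"),
    ("memory/4028-117-0x00000000031F0000-0x00000000031F1000-memory.dmp", "4KB"),
]

# Row shape: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
IOC_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) "
                    r"(?P<src_img>\S+) (?P<dst_img>\S+)$")
# Name shape: "memory/<pid>-<seq>-0x<start>[-0x<end>]-(memory|mapping).dmp"
DUMP_RE = re.compile(r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
                     r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp")


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str

    @property
    def cross_process(self) -> bool:
        # A process writing its own memory is routine; writing another's is not.
        return self.src_pid != self.dst_pid


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: Optional[int]  # None for a "mapping" dump, which has no end address
    kind: str

    @property
    def size_kb(self) -> Optional[int]:
        return None if self.end is None else (self.end - self.start) // 1024


def parse_write_events(text: str) -> List[WriteEvent]:
    events = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if not m:
            continue  # header row or unrelated text
        if m["src"] != m["src2"]:
            raise ValueError(f"source pid repeated inconsistently: {line!r}")
        events.append(WriteEvent(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return events


def summarize_injections(events: List[WriteEvent]) -> Dict[WriteEvent, int]:
    """Count cross-process writes per (source, target) pair."""
    counts: Dict[WriteEvent, int] = {}
    for e in events:
        if e.cross_process:
            counts[e] = counts.get(e, 0) + 1
    return counts


def parse_dump_name(name: str) -> DumpRegion:
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    end = int(m["end"], 16) if m["end"] else None
    return DumpRegion(int(m["pid"]), int(m["seq"]), int(m["start"], 16), end, m["kind"])


def check_dump_sizes(dumps) -> List[Tuple[str, Optional[int], bool]]:
    """Recompute each region's size from its address range and compare with the
    reported size; returns (name, computed KB or None, matches_report)."""
    out = []
    for name, reported in dumps:
        computed = parse_dump_name(name).size_kb
        reported_kb = int(reported[:-2]) if reported else None
        out.append((name, computed, computed == reported_kb))
    return out


def dumps_of_write_targets(events, dumps) -> List[str]:
    """Names of dumps taken from a process that some other process wrote into."""
    targets = {e.dst_pid for e in events if e.cross_process}
    return [name for name, _ in dumps if parse_dump_name(name).pid in targets]


if __name__ == "__main__":
    evs = parse_write_events(IOC_LINES)
    for ev, n in summarize_injections(evs).items():
        print(f"{ev.src_image}({ev.src_pid}) -> {ev.dst_image}({ev.dst_pid}): {n} writes")
    for name, kb, ok in check_dump_sizes(DUMPS):
        print(f"{'ok ' if ok else 'BAD'} {kb} KB  {name}")
    print("dumps of written-into processes:", dumps_of_write_targets(evs, DUMPS))
```

Run as a script it reports one injection pair (rundll32.exe 3872 into rundll32.exe 4028, three writes), confirms that the 660KB, 52KB and 4KB sizes match the address ranges in the dump names, and lists all four dumps as belonging to the written-into process. The mapping dump has no end address, so its size is left as None rather than guessed.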