Analysis
- max time kernel: 17s
- max time network: 135s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 14-06-2021 15:19
Static task: static1
Behavioral task: behavioral1
- Sample: globalCounter.jpg.dll
- Resource: win7v20210410 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: globalCounter.jpg.dll
- Size: 623KB
- MD5: 14549a6ccc41deaf7ccf9abd4c5ae61a
- SHA1: 0d0e546d80f324b9fc024e7bf4850455647c31d8
- SHA256: 3aa3a80a403194be781482d4c954adc4ebd773cfd1fa008c2072c591b4bb5c5f
- SHA512: 9a050705504f6291509973a4da90c831e6e62726ef406b988425939872779dee5d0f25e7c31d723262fac3b000fda52c624bacf1466ab41796b86647ff7b3f2b
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 6000
- C2:
  authd.feronok.com
  app.bighomegl.at
- Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64
  serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                          | pid  | process      | target process
  PID 4060 wrote to memory of 2060     | 4060 | rundll32.exe | rundll32.exe
  PID 4060 wrote to memory of 2060     | 4060 | rundll32.exe | rundll32.exe
  PID 4060 wrote to memory of 2060     | 4060 | rundll32.exe | rundll32.exe
Downloads
- memory/2060-114-0x0000000000000000-mapping.dmp
- memory/2060-115-0x0000000074400000-0x000000007440D000-memory.dmp (Filesize: 52KB)
- memory/2060-116-0x0000000074400000-0x00000000744AF000-memory.dmp (Filesize: 700KB)
- memory/2060-117-0x0000000000400000-0x00000000004AE000-memory.dmp (Filesize: 696KB)
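The signature table and the dump list above are flattened text, and the two are related: the dumps were all taken from PID 2060, the process that the parent rundll32.exe (PID 4060) wrote into. The script below is an added example, not part of the sandbox report or its tooling; it parses the report's own rows (embedded here as constructed input copied from the text above) into records, keeps only cross-process writes, maps each injection target to the dumps taken from it, and checks that the byte size implied by each dump's address range agrees with the size the report shows. Function and variable names are the example's own. The `0x400000` check is a heuristic of the example (that address is the default ImageBase of a 32-bit EXE, so a dump starting there inside a rundll32 host is usually the first one to open), not something the report states.

```python
import re

# Constructed from the report's "Suspicious use of WriteProcessMemory" table
# (one line per IoC; columns are description, pid, process, target process).
WPM_ROWS = [
    "PID 4060 wrote to memory of 2060 4060 rundll32.exe rundll32.exe",
    "PID 4060 wrote to memory of 2060 4060 rundll32.exe rundll32.exe",
    "PID 4060 wrote to memory of 2060 4060 rundll32.exe rundll32.exe",
]

# Constructed from the report's Downloads list: dump file name and the size
# shown next to it (None where the report shows none).
DUMP_ROWS = [
    ("memory/2060-114-0x0000000000000000-mapping.dmp", None),
    ("memory/2060-115-0x0000000074400000-0x000000007440D000-memory.dmp", "52KB"),
    ("memory/2060-116-0x0000000074400000-0x00000000744AF000-memory.dmp", "700KB"),
    ("memory/2060-117-0x0000000000400000-0x00000000004AE000-memory.dmp", "696KB"),
]

WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<src_image>\S+) (?P<dst_image>\S+)"
)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>mapping|memory)\.dmp"
)

DEFAULT_EXE_IMAGE_BASE = 0x400000  # heuristic only, see lead-in


def parse_wpm(row):
    """Turn one flattened IoC row into a record; raise on a malformed row."""
    m = WPM_RE.fullmatch(row.strip())
    if m is None:
        raise ValueError(f"unparseable WriteProcessMemory row: {row!r}")
    return {
        "src_pid": int(m["src"]),
        "dst_pid": int(m["dst"]),
        "src_image": m["src_image"],
        "dst_image": m["dst_image"],
    }


def parse_dump(name):
    """Parse a dump file name into pid, sequence number, address range and size."""
    m = DUMP_RE.fullmatch(name.strip())
    if m is None:
        raise ValueError(f"unparseable dump name: {name!r}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None  # mapping dumps carry no range
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "kind": m["kind"],
        "start": start,
        "end": end,
        "size": (end - start) if end is not None else None,
        "at_default_exe_base": start == DEFAULT_EXE_IMAGE_BASE,
    }


def size_matches(computed, reported):
    """The report rounds sizes down to whole KB; compare on that basis."""
    if reported is None:
        return computed is None
    m = re.fullmatch(r"(\d+)KB", reported)
    return m is not None and computed is not None and computed // 1024 == int(m[1])


def cross_process_writes(rows):
    """Keep only writes where the writer is not the target (the injection case)."""
    return [e for e in map(parse_wpm, rows) if e["src_pid"] != e["dst_pid"]]


def dumps_for_injection_targets(rows, dump_rows):
    """Map each process that was written into to the dumps taken from it."""
    targets = {e["dst_pid"] for e in cross_process_writes(rows)}
    dumps = [parse_dump(name) for name, _ in dump_rows]
    return {pid: [d for d in dumps if d["pid"] == pid] for pid in targets}


def verify_dump_sizes(dump_rows):
    """Return (name, computed_bytes, matches_report) for every dump row."""
    out = []
    for name, reported in dump_rows:
        d = parse_dump(name)
        out.append((name, d["size"], size_matches(d["size"], reported)))
    return out


if __name__ == "__main__":
    for e in cross_process_writes(WPM_ROWS):
        print(f"{e['src_image']} ({e['src_pid']}) -> {e['dst_image']} ({e['dst_pid']})")
    for pid, dumps in dumps_for_injection_targets(WPM_ROWS, DUMP_ROWS).items():
        bases = [hex(d["start"]) for d in dumps if d["at_default_exe_base"]]
        print(f"pid {pid}: {len(dumps)} dumps, at default EXE base: {bases}")
    for name, size, ok in verify_dump_sizes(DUMP_ROWS):
        print(f"{'OK ' if ok else 'BAD'} {size} {name}")
```

Run as a script it prints three parent-to-child writes, confirms that every dump in the list belongs to the written-into process, and reports that all three sized dumps agree with their address ranges (0xD000, 0xAF000 and 0xAE000 bytes). A mismatch between a computed and a reported size on a real report is worth investigating before trusting the dump.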