Analysis
-
max time kernel
25s -
max time network
12s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
21-06-2021 13:09
Static task
static1
Behavioral task
behavioral1
Sample
focy1.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
focy1.dll
-
Size
306KB
-
MD5
81a57502787fd832d141625494bc6e61
-
SHA1
73025e06eb644652e5f43d050663b041f687e53f
-
SHA256
e1c8e34791daee490ba154c10dddf0d43d4cc6910fb08debbd5c722e722ea551
-
SHA512
aecdf00d939762880c15de0f9377d1a3d4dcbe5f9bbd8d272003bfccc38f7314c862c45e0e387ef7d3ac13bb289136f39b32b7869ee22dd1175577d939c0dada
Malware Config
Extracted
Family
gozi_ifsb
Botnet
6000
C2
authd.feronok.com
app.bighomegl.at
Attributes
-
build
250204
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
serpent.plain
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26 PID 452 wrote to memory of 2032 452 rundll32.exe 26