Analysis
Max time kernel: 27s
Max time network: 124s
Platform: windows10_x64
Resource: win10v20210410
Submitted: 21-06-2021 20:05
Static task: static1
Behavioral task: behavioral1
Sample: bytesRCount.jpg.dll
Resource: win7v20210408 (windows7_x64)
Signatures: 0; run time: 0 seconds
General
Target: bytesRCount.jpg.dll
Size: 306KB
MD5: 49af33aa7ecc1a785c1fe96c1946aad1
SHA1: 8c2d963af567367151400c4558e21e5711d1707d
SHA256: 2da9852912cf01db29e1b3db4a1b9599979ac3c63a6522f5a4a771938c2b36db
SHA512: dab397abb7c719f28b60e3726f54e2e60be871ca63d0a22d170c55074dc87bddbdb6f56d279b913d340d820e0ebe7214196b0de6bce7d40d3acd301bef759d81
Malware Config
Extracted
Family: gozi_ifsb (Gozi/ISFB, also tracked as Ursnif)
Botnet: 6000
C2:
  authd.feronok.com
  app.bighomegl.at
Attributes:
  build: 250204
  exe_type: loader
  server_id: 580
  rsa_pubkey.base64 (value not shown in this report)
  serpent.plain (value not shown in this report)
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Three cross-process writes were recorded, all from rundll32.exe (PID 1852) into a second rundll32.exe (PID 1636), the process whose memory regions appear under Downloads below.
Processes:
description               pid   process       target PID  target process
wrote to memory of 1636   1852  rundll32.exe  1636        rundll32.exe
wrote to memory of 1636   1852  rundll32.exe  1636        rundll32.exe
wrote to memory of 1636   1852  rundll32.exe  1636        rundll32.exe
Downloads
memory/1636-114-0x0000000000000000-mapping.dmp
memory/1636-115-0x0000000073DC0000-0x0000000073DCD000-memory.dmp  Filesize: 52KB
memory/1636-116-0x0000000073DC0000-0x0000000073EAA000-memory.dmp  Filesize: 936KB
memory/1636-117-0x0000000000600000-0x0000000000601000-memory.dmp  Filesize: 4KB
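The dump names above encode the PID of the written-to rundll32.exe, a sequence number and the dumped address range. The following is an added example, not part of the sandbox report: it parses those names, checks each range against the listed Filesize (a mismatch would indicate a truncated or partial dump), and reports dumps of the same process whose regions overlap. Here dumps 115 and 116 both start at 0x73DC0000, so the later, larger one is the first candidate to carve for the mapped module. The filename convention is assumed from the four names on this page, and KB is taken as 1024 bytes.

```python
import re
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple

# Dump names and sizes as listed under "Downloads" in the report above,
# constructed here as inline test input.
DUMP_LISTING = [
    ("memory/1636-114-0x0000000000000000-mapping.dmp", None),
    ("memory/1636-115-0x0000000073DC0000-0x0000000073DCD000-memory.dmp", "52KB"),
    ("memory/1636-116-0x0000000073DC0000-0x0000000073EAA000-memory.dmp", "936KB"),
    ("memory/1636-117-0x0000000000600000-0x0000000000601000-memory.dmp", "4KB"),
]

# Naming convention assumed from the names above:
#   memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp   (a dumped region)
#   memory/<pid>-<index>-0x<start>-mapping.dmp          (no address range)
MEMORY_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
MAPPING_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-mapping\.dmp$")


@dataclass(frozen=True)
class Dump:
    pid: int
    index: int
    kind: str            # "memory" (region dump) or "mapping"
    start: int
    end: Optional[int]   # None for mapping dumps

    @property
    def size(self) -> Optional[int]:
        return None if self.end is None else self.end - self.start


def parse_dump_name(name: str) -> Dump:
    """Split a dump filename into PID, sequence index and address range."""
    m = MEMORY_RE.match(name)
    if m:
        pid, idx, start, end = m.groups()
        return Dump(int(pid), int(idx), "memory", int(start, 16), int(end, 16))
    m = MAPPING_RE.match(name)
    if m:
        pid, idx, start = m.groups()
        return Dump(int(pid), int(idx), "mapping", int(start, 16), None)
    raise ValueError(f"unrecognised dump name: {name}")


def parse_size(text: str) -> int:
    """Convert the report's 'NNKB' notation to bytes (assumes KB = 1024 bytes)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    value, unit = int(m.group(1)), m.group(2)
    return value * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[unit]


def size_mismatches(listing) -> List[str]:
    """Names whose address range disagrees with the listed Filesize."""
    bad = []
    for name, listed in listing:
        d = parse_dump_name(name)
        if d.kind == "memory" and listed is not None and d.size != parse_size(listed):
            bad.append(name)
    return bad


def overlapping_regions(dumps: List[Dump]) -> List[Tuple[int, int]]:
    """Index pairs of same-PID region dumps whose ranges overlap, earlier index first."""
    regions = sorted((d for d in dumps if d.kind == "memory"), key=lambda d: d.index)
    return [
        (a.index, b.index)
        for a, b in combinations(regions, 2)
        if a.pid == b.pid and a.start < b.end and b.start < a.end
    ]


if __name__ == "__main__":
    dumps = [parse_dump_name(name) for name, _ in DUMP_LISTING]
    print("size mismatches:", size_mismatches(DUMP_LISTING))
    for a, b in overlapping_regions(dumps):
        print(f"dump {a} and dump {b} cover the same region; carve the later, larger one first")
```

Run as a script it reports no size mismatches for this listing and flags the (115, 116) pair; the same functions can be pointed at any Downloads listing of this shape to pick the dump worth opening first.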