Analysis
- max time kernel: 19s
- max time network: 33s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 22-06-2021 09:03
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 60d1a6a1be17f.dll
  Resource: win7v20210410 (windows7_x64)
  Signatures: 0
  Duration: 0 seconds
General
- Target: 60d1a6a1be17f.dll
- Size: 349KB
- MD5: af580b336ff6905cd6b28f2cbb74efad
- SHA1: 671119f873ad83df335b97af20c1381efa97f7dc
- SHA256: 913535ed97ea88e3b80fe9032698ff77d697243cd8badf34aa9870e18c689121
- SHA512: ab949f7c5fce9ac8ab8ea4563bf581204b691a8d62f1727c5bec507093bfc6d80e4c6d8be9ef0aa6d7773c08e219fb11b9f63415c82010b12a2e379eb162aa08
Malware Config (Extracted)
- Family: gozi_ifsb
- Botnet: 8877
- C2:
  - outlook.com
  - gerimerunollu.club
  - herimerunollu.club
- Attributes:
  - build: 250206
  - dga_season: 10
  - exe_type: loader
  - server_id: 12
- Extracted keys (contents not shown in the report):
  - rsa_pubkey.plain
  - serpent.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                       pid   Process       procid_target
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25
  PID 1700 wrote to memory of 1072  1700  rundll32.exe  25