Analysis
max time kernel: 24s
max time network: 114s
platform: windows10_x64
resource: win10v20210408
submitted: 23-06-2021 17:47

Static task: static1
Behavioral task: behavioral1
Sample: textual.dll
Resource: win7v20210408
Platform: windows7_x64
0 signatures
0 seconds
General
Target: textual.dll
Size: 590KB
MD5: f1daeecad06895db6b2c94f7eb1028a1
SHA1: 12713fcec29130f2baefac245b30b4686ed7bb9b
SHA256: c7ba05674f44747d5685f36313fc0a77bc5afea3035fa0d14ee2f4dbfbcbff5c
SHA512: b0e17110cc4749e15b5659aa6aa542286c9617ae291f5666b48131ad73fc4e6de1e61d4a4a8b163093ff41d3ec8ea05bb491bac17e20d9a0574acd912e44d6c0
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 4500
C2:
authd.feronok.com
app.bighomegl.at
Attributes:
build: 250204
exe_type: loader
server_id: 580
rsa_pubkey.base64
serpent.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 856 wrote to memory of 1320 | 856 | rundll32.exe | rundll32.exe
PID 856 wrote to memory of 1320 | 856 | rundll32.exe | rundll32.exe
PID 856 wrote to memory of 1320 | 856 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1320-114-0x0000000000000000-mapping.dmp
- memory/1320-115-0x0000000073E50000-0x0000000073E5D000-memory.dmp (Filesize 52KB)
- memory/1320-116-0x0000000073E50000-0x0000000073F7C000-memory.dmp (Filesize 1.2MB)
- memory/1320-117-0x0000000003710000-0x0000000003733000-memory.dmp (Filesize 140KB)
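The report above gives two things a responder has to read together: the three WriteProcessMemory rows under Signatures (rundll32.exe PID 856 writing into rundll32.exe PID 1320) and the memory dumps taken from PID 1320 under Downloads. The following is an added example, not code from the sandbox or from the report: it parses both blocks as copied from this page, reduces the write rows to a per-pair count and a same-image flag, recomputes each dump's size from the address range in its file name, and reports regions that nest inside another region of the same process (dump 115 lies inside dump 116 at the same base). The record layouts, regex patterns, function names and the nesting heuristic are this example's assumptions; the sandbox's own rule logic is not on the page.

```python
import re

# Added example, not part of the sandbox report. The WriteProcessMemory rows
# and the dump file names/sizes are copied from the report; the record shapes,
# the function names and the heuristics are this example's own assumptions.

# (description, pid, process, target process), as listed under "Signatures".
WRITE_EVENTS = [
    ("PID 856 wrote to memory of 1320", 856, "rundll32.exe", "rundll32.exe"),
    ("PID 856 wrote to memory of 1320", 856, "rundll32.exe", "rundll32.exe"),
    ("PID 856 wrote to memory of 1320", 856, "rundll32.exe", "rundll32.exe"),
]

# (dump file name, size as printed; None where no size is printed), as listed
# under "Downloads".
DUMPS = [
    ("memory/1320-114-0x0000000000000000-mapping.dmp", None),
    ("memory/1320-115-0x0000000073E50000-0x0000000073E5D000-memory.dmp", "52KB"),
    ("memory/1320-116-0x0000000073E50000-0x0000000073F7C000-memory.dmp", "1.2MB"),
    ("memory/1320-117-0x0000000003710000-0x0000000003733000-memory.dmp", "140KB"),
]

WRITE_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+)-memory|-mapping)\.dmp$"
)


def cross_process_writes(events):
    """One record per write whose target is a different process.

    Writes into the writer's own address space are ignored, and a row whose
    pid column disagrees with the pid in its description is skipped as
    malformed rather than counted.
    """
    hits = []
    for desc, pid, image, target_image in events:
        m = WRITE_RE.fullmatch(desc)
        if not m:
            continue
        src, dst = int(m["src"]), int(m["dst"])
        if src != pid or src == dst:
            continue
        hits.append({
            "source_pid": src,
            "target_pid": dst,
            "source_image": image,
            "target_image": target_image,
            # same binary on both sides: the rundll32 -> rundll32 pattern
            # shown in the report's signature table
            "same_image": image.lower() == target_image.lower(),
        })
    return hits


def summarize_writes(events):
    """Count cross-process writes per (source pid, target pid) pair."""
    counts = {}
    for h in cross_process_writes(events):
        key = (h["source_pid"], h["target_pid"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def parse_dump(name):
    """Split a dump file name into pid, sequence number and address range."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    rec = {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": int(m["start"], 16)}
    if m["end"] is None:
        rec.update(kind="mapping", end=None, size=None)
    else:
        end = int(m["end"], 16)
        rec.update(kind="memory", end=end, size=end - rec["start"])
    return rec


def format_size(n):
    """Render a byte count the way the report prints it (52KB, 1.2MB)."""
    if n >= 1024 * 1024:
        return f"{n / (1024 * 1024):.1f}MB"
    return f"{n // 1024}KB"


def check_dump_sizes(dumps):
    """Names whose printed size disagrees with the size implied by the range."""
    bad = []
    for name, listed in dumps:
        rec = parse_dump(name)
        if rec["size"] is not None and listed is not None:
            if format_size(rec["size"]) != listed:
                bad.append(name)
    return bad


def nested_regions(dumps):
    """(inner seq, outer seq) pairs where one memory dump's range lies inside
    another dump's range for the same pid. A small region followed by a larger
    one at the same base (dumps 115 and 116 here) is consistent with a region
    that was dumped again after more code was written into it."""
    recs = [parse_dump(n) for n, _ in dumps]
    recs = [r for r in recs if r["kind"] == "memory"]
    pairs = []
    for a in recs:
        for b in recs:
            if a is b or a["pid"] != b["pid"]:
                continue
            if b["start"] <= a["start"] and a["end"] <= b["end"]:
                pairs.append((a["seq"], b["seq"]))
    return pairs
```

Run on the page's own rows, `summarize_writes` returns `{(856, 1320): 3}` with every hit flagged `same_image`, `check_dump_sizes` returns an empty list (0xD000, 0x12C000 and 0x23000 bytes round to the 52KB, 1.2MB and 140KB printed), and `nested_regions` returns `[(115, 116)]`. The `mapping.dmp` entry has no address range and is parsed but excluded from the size and nesting checks.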