Analysis
-
max time kernel
31s
-
max time network
55s
-
platform
windows7_x64
-
resource
win7v20210410
submitted
05-07-2021 14:39
Static task
static1
Behavioral task
behavioral1
Sample
d1a5c.dll
Resource
win7v20210410
0 signatures
0 seconds
General
-
Target
d1a5c.dll
-
Size
420KB
-
MD5
d1a5cea82aad4498789085900147ca86
-
SHA1
9ba635f6bca95ccb96db70eb3247cc2191f2c7d3
-
SHA256
2d49495a14202da33b0d3215668e55cfe873e4deff2bfb892a6227fc23b936fe
-
SHA512
d11b5901c0793f53b19ef648cde8e1c588a1311bf77efcce9fa5cdf5f312fbdca27c56a1230329b758a8aa4043a81bd21cb530c5da4128ccce2aad3dca20c5fe
Malware Config
Extracted
Family
gozi_ifsb
Botnet
4500
C2
gtr.antoinfer.com
app.bighomegl.at
Attributes
-
build
250204
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
aes.plain
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid  process       target process
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
PID 288 wrote to memory of 2032    288  rundll32.exe  rundll32.exe
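The seven WriteProcessMemory rows above all describe the same pair: the first rundll32.exe (PID 288) writing into a second rundll32.exe (PID 2032). The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses the run-together table text into one event per row, aggregates writes per (writer, target) pair and flags pairs where a script host writes repeatedly into another copy of the same image, the usual sign of a loader staging its payload into a sacrificial process. The host list, the write threshold and the constructed copy of the rows are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed copy of the report's flattened "Suspicious use of WriteProcessMemory"
# rows: seven writes from the parent rundll32.exe (PID 288) into the child
# rundll32.exe (PID 2032), exactly as the table lists them.
REPORT_ROWS = " ".join(
    ["PID 288 wrote to memory of 2032 288 rundll32.exe rundll32.exe"] * 7
)

# Row layout: "PID <src> wrote to memory of <dst> <src again> <src image> <dst image>".
ROW_RE = re.compile(
    r"PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
    r"(?P<pid_col>\d+) (?P<src_image>\S+\.exe) (?P<dst_image>\S+\.exe)"
)

# Binaries that legitimately host other people's code and are therefore
# favoured as injection targets. Assumed list for this example, not from the report.
SCRIPT_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    src_image: str
    dst_pid: int
    dst_image: str


def parse_rows(text: str) -> list:
    """Turn the run-together table text into one WriteEvent per IoC row."""
    events = []
    for m in ROW_RE.finditer(text):
        if m["pid_col"] != m["src_pid"]:
            # The pid column repeats the writer's PID; a mismatch means the row was mangled.
            raise ValueError(f"inconsistent row: {m.group(0)}")
        events.append(WriteEvent(int(m["src_pid"]), m["src_image"].lower(),
                                 int(m["dst_pid"]), m["dst_image"].lower()))
    return events


def injection_findings(events: list, min_writes: int = 2) -> list:
    """Aggregate writes per (writer, target) pair and score each pair.

    A script host writing more than once into a fresh copy of itself is the
    classic loader pattern: the first instance unpacks the payload and stages
    it into the second. Threshold and host list are heuristics for this example.
    """
    counts = Counter((e.src_pid, e.src_image, e.dst_pid, e.dst_image) for e in events)
    findings = []
    for (spid, simg, dpid, dimg), n in sorted(counts.items()):
        same_image = simg == dimg
        host_target = dimg in SCRIPT_HOSTS
        findings.append({
            "writer": f"{simg} (PID {spid})",
            "target": f"{dimg} (PID {dpid})",
            "writes": n,
            "same_image": same_image,
            "suspicious": n >= min_writes and (same_image or host_target),
        })
    return findings


if __name__ == "__main__":
    for finding in injection_findings(parse_rows(REPORT_ROWS)):
        print(finding)
```

On the report's rows this yields a single finding, rundll32.exe (PID 288) writing seven times into rundll32.exe (PID 2032), marked suspicious. The same aggregation works on any WriteProcessMemory feed that carries writer and target PID and image, which is where the threshold earns its keep: a single write between unrelated images is common noise, repeated writes into a fresh script-host child are not.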
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2032-61-0x0000000000890000-0x0000000000991000-memory.dmp
Filesize
1.0MB
-
memory/2032-60-0x00000000753E1000-0x00000000753E3000-memory.dmp
Filesize
8KB
-
memory/2032-59-0x0000000000000000-mapping.dmp
-
memory/2032-62-0x0000000000890000-0x000000000089D000-memory.dmp
Filesize
52KB
-
memory/2032-63-0x00000000001F0000-0x00000000001F1000-memory.dmp
Filesize
4KB
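Every dump above comes from PID 2032, the process the parent rundll32.exe wrote into, and each name encodes the dumped address range. The following parser is an added example, not code from the report or the sandbox vendor: it decodes the dump names, recomputes the region size from the range, checks it against the listed Filesize, and reports ranges that lie inside another dumped range. The dictionary of names and sizes is a constructed copy of the list above; the size formatting rule (whole KB below 1 MiB, one decimal MB above) is an assumption that happens to reproduce the listed values.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the dump names and listed sizes from the Downloads section.
REPORT_DUMPS = {
    "memory/2032-61-0x0000000000890000-0x0000000000991000-memory.dmp": "1.0MB",
    "memory/2032-60-0x00000000753E1000-0x00000000753E3000-memory.dmp": "8KB",
    "memory/2032-59-0x0000000000000000-mapping.dmp": None,
    "memory/2032-62-0x0000000000890000-0x000000000089D000-memory.dmp": "52KB",
    "memory/2032-63-0x00000000001F0000-0x00000000001F1000-memory.dmp": "4KB",
}

# "memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp" or "memory/<pid>-<index>-0x<start>-mapping.dmp"
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-"
    r"(?:0x(?P<end>[0-9A-Fa-f]+)-memory|mapping)\.dmp"
)


@dataclass(frozen=True)
class Dump:
    pid: int
    idx: int
    start: int
    end: Optional[int]  # None for a "-mapping.dmp" file, which carries no range

    @property
    def size(self) -> Optional[int]:
        return None if self.end is None else self.end - self.start

    def contains(self, other: "Dump") -> bool:
        """True when other's range lies inside this one (both must have a range)."""
        return (self.end is not None and other.end is not None and self != other
                and self.start <= other.start and other.end <= self.end)


def parse_dump_name(name: str) -> Dump:
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    end = int(m["end"], 16) if m["end"] else None
    return Dump(int(m["pid"]), int(m["idx"]), int(m["start"], 16), end)


def human_size(n: int) -> str:
    """Format a byte count the way the report lists Filesize (assumed rule)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n // 1024}KB"


def check_sizes(dumps: dict) -> dict:
    """Map dump index -> (size computed from the range, matches the listed Filesize)."""
    result = {}
    for name, listed in dumps.items():
        d = parse_dump_name(name)
        if d.size is None:
            result[d.idx] = (None, listed is None)
        else:
            result[d.idx] = (d.size, human_size(d.size) == listed)
    return result


def nested_regions(dumps: dict) -> list:
    """Return (outer index, inner index) pairs where one dumped range lies inside another."""
    parsed = [parse_dump_name(n) for n in dumps]
    return sorted((a.idx, b.idx) for a in parsed for b in parsed if a.contains(b))


if __name__ == "__main__":
    for idx, (size, ok) in sorted(check_sizes(REPORT_DUMPS).items()):
        print(f"dump {idx}: {size} bytes, listed size {'matches' if ok else 'DIFFERS'}")
    print("nested:", nested_regions(REPORT_DUMPS))
```

Run against the list above, all five sizes agree with the listed Filesize values, and dump 62 (0x890000-0x89D000, 52KB) is the first 52KB of dump 61 (0x890000-0x991000, 1.0MB), so the two files overlap rather than describe separate regions; that is worth knowing before you count unique unpacked regions or hash the dumps for correlation.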