Analysis
- max time kernel: 32s
- max time network: 133s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 05-07-2021 14:39

Static task: static1
Behavioral task: behavioral1
Sample: d1a5c.dll
Resource: win7v20210410
0 signatures, 0 seconds
General
- Target: d1a5c.dll
- Size: 420KB
- MD5: d1a5cea82aad4498789085900147ca86
- SHA1: 9ba635f6bca95ccb96db70eb3247cc2191f2c7d3
- SHA256: 2d49495a14202da33b0d3215668e55cfe873e4deff2bfb892a6227fc23b936fe
- SHA512: d11b5901c0793f53b19ef648cde8e1c588a1311bf77efcce9fa5cdf5f312fbdca27c56a1230329b758a8aa4043a81bd21cb530c5da4128ccce2aad3dca20c5fe
Malware Config (Extracted)
- Family: gozi_ifsb
- Botnet: 4500
- C2:
  - gtr.antoinfer.com
  - app.bighomegl.at
- Attributes:
  - build: 250204
  - exe_type: loader
  - server_id: 580
  - rsa_pubkey.plain
  - aes.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes:
description                        pid   process       target process
PID 1404 wrote to memory of 1828   1404  rundll32.exe  rundll32.exe
PID 1404 wrote to memory of 1828   1404  rundll32.exe  rundll32.exe
PID 1404 wrote to memory of 1828   1404  rundll32.exe  rundll32.exe
Downloads
- memory/1828-114-0x0000000000000000-mapping.dmp
- memory/1828-115-0x0000000004630000-0x0000000004731000-memory.dmp (Filesize: 1.0MB)
- memory/1828-117-0x0000000004631000-0x000000000467A000-memory.dmp (Filesize: 292KB)
- memory/1828-116-0x0000000004630000-0x000000000463D000-memory.dmp (Filesize: 52KB)
- memory/1828-118-0x0000000000C00000-0x0000000000D4A000-memory.dmp (Filesize: 1.3MB)