Analysis
- max time kernel: 146s
- max time network: 119s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 05-07-2021 15:02

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 3b17.dll
  - Resource: win7v20210410 (windows7_x64)
  - 0 signatures, 0 seconds
General
- Target: 3b17.dll
- Size: 607KB
- MD5: 3b17fcc55cee8cbe4cd1b443f358c36d
- SHA1: 45d1e652f282a94b37ac32afb62ff563afb2fb39
- SHA256: 9ae13bdb906bf774982242a378a20fb25da3e29dd7b5e1acd2531562319edba6
- SHA512: 6b299214396c3ea94d01f7211ffed949f4e615c12586d2191b633c12f6d7d2881c01bc2d1b360bf05d15b58c604104e222d7f33297e63c067144de4bf2c5c337
Malware Config
Extracted
- Family: gozi_ifsb
- Botnet: 6000
- C2:
  - gtr.antoinfer.com
  - app.bighomegl.at
- Attributes:
  - build: 250204
  - exe_type: loader
  - server_id: 580
  - rsa_pubkey.plain
  - aes.plain
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 636 wrote to memory of 1308 | 636 | rundll32.exe | rundll32.exe
  PID 636 wrote to memory of 1308 | 636 | rundll32.exe | rundll32.exe
  PID 636 wrote to memory of 1308 | 636 | rundll32.exe | rundll32.exe
Downloads
- memory/1308-114-0x0000000000000000-mapping.dmp
- memory/1308-115-0x00000000741C0000-0x00000000741CD000-memory.dmp (Filesize: 52KB)
- memory/1308-116-0x00000000741C0000-0x00000000742F0000-memory.dmp (Filesize: 1.2MB)
- memory/1308-117-0x00000000029F0000-0x00000000029F1000-memory.dmp (Filesize: 4KB)