Analysis
-
max time kernel
26s -
max time network
41s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
06-07-2021 16:21
General
-
Target
a58f423a00ca933ae2898803bd1b3a07a2cd76ef1aa0d5de69905d80a096874c.dll
-
Size
306KB
-
MD5
98d030eeefc3536d68ccb9ae3a2d1502
-
SHA1
9f7d95691e0116f7c0d0f222de2149b073ef6cb6
-
SHA256
a58f423a00ca933ae2898803bd1b3a07a2cd76ef1aa0d5de69905d80a096874c
-
SHA512
bbfbd2525c24a5c0474d001f61edabed1ff05f83fb574eb16790e36298da80d8a56d10f28582340f438a3483d232a4efd19055b687fc773aef25856148c2ba52
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
6000
C2
authd.feronok.com
app.bighomegl.at
Attributes
-
build
250204
-
exe_type
loader
-
server_id
580
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a58f423a00ca933ae2898803bd1b3a07a2cd76ef1aa0d5de69905d80a096874c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a58f423a00ca933ae2898803bd1b3a07a2cd76ef1aa0d5de69905d80a096874c.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1792-59-0x0000000000000000-mapping.dmp
-
memory/1792-60-0x0000000075411000-0x0000000075413000-memory.dmpFilesize
8KB
-
memory/1792-61-0x00000000748E0000-0x00000000748ED000-memory.dmpFilesize
52KB
-
memory/1792-62-0x00000000748E0000-0x00000000749CA000-memory.dmpFilesize
936KB
-
memory/1792-63-0x00000000000F0000-0x00000000000F1000-memory.dmpFilesize
4KB