Analysis
max time kernel: 18s
max time network: 112s
platform: windows10_x64
resource: win10v20210408
submitted: 28-07-2021 09:58
Static task: static1
Behavioral task: behavioral1
Sample: 610113e3e6859.dll
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds
General
Target: 610113e3e6859.dll
Size: 543KB
MD5: ae97252af977c7e64b2eeca6140e129e
SHA1: 269f90889d519741b79e52ea427fbc37e6a01868
SHA256: 9314c01984c89151f6d4624acad638fe054b3036fcc5115271cb598954c20070
SHA512: 07fb03be2fbb630d17b832550b774d1f416db84b7dfe05c552ee79a752892b567f49989a1f2dd4b3e6f12cffd55ab312ae76511e841fb22c9e31eba109e8a1c5
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 8877
C2:
  outlook.com
  zaluoa.live
  daskdjknefjkewfnkjwe.net
Attributes:
  build: 250207
  dga_season: 10
  exe_type: loader
  server_id: 12
  rsa_pubkey.plain
  serpent.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 656 wrote to memory of 1512 | 656 | rundll32.exe | rundll32.exe
PID 656 wrote to memory of 1512 | 656 | rundll32.exe | rundll32.exe
PID 656 wrote to memory of 1512 | 656 | rundll32.exe | rundll32.exe
Downloads
memory/1512-114-0x0000000000000000-mapping.dmp
memory/1512-116-0x0000000074340000-0x0000000074464000-memory.dmp (Filesize: 1.1MB)
memory/1512-115-0x0000000074340000-0x000000007434F000-memory.dmp (Filesize: 60KB)
memory/1512-117-0x0000000000400000-0x000000000054A000-memory.dmp (Filesize: 1.3MB)