Analysis
max time kernel: 17s
max time network: 112s
platform: windows10_x64
resource: win10v20210410
submitted: 10-08-2021 08:25
Static task: static1
Behavioral task: behavioral1
Sample: 611237846402f.dll
Resource: win7v20210410 (windows7_x64)
0 signatures
0 seconds
General
Target: 611237846402f.dll
Size: 568KB
MD5: 07684da40ad79495b5db6ddcf723bd8e
SHA1: 7a7b3294628bd170ae0ca85ec533be7e0d409053
SHA256: 683f12747c11016669f9a7413b8975c615f39d2d530b1825eff8a36479e303ff
SHA512: 23864fd1e5cb5860264631d7da50990a12d4f8aabac6b761f6e44e56b4be16263d5589978265b63b1ad4af10452bddc72f73845f03a683d2efd4344521eefb00
Malware Config
Extracted
Family: gozi_ifsb
Botnet: 8877
C2:
    outlook.com
    boyuleruner.online
    coyuleruner.online
Attributes
build: 250207
dga_season: 10
exe_type: loader
server_id: 12
rsa_pubkey.plain
serpent.plain
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                      | pid  | process      | target process
PID 4020 wrote to memory of 588  | 4020 | rundll32.exe | rundll32.exe
PID 4020 wrote to memory of 588  | 4020 | rundll32.exe | rundll32.exe
PID 4020 wrote to memory of 588  | 4020 | rundll32.exe | rundll32.exe