Analysis

max time kernel: 113s
max time network: 124s
platform: windows10_x64
resource: win10-en-20211014
submitted: 26-10-2021 13:04

Static task: static1
Behavioral task: behavioral1
Sample: 6177fc626d11c.dll
Resource: win7-en-20210920 (windows7_x64)
0 signatures, 0 seconds
General

Target: 6177fc626d11c.dll
Size: 467KB
MD5: a04500c9a6a2b7b68297b5de2f340804
SHA1: 37830ec36c04565da1d3378ed78c64c65e26699b
SHA256: c8cbf6b7c7dd4a902c31d1f14f508f6267f50d55bb84c306d6c16b6bf43b4107
SHA512: d5d4a2e3cec11033bf9a6c729f6ff47b8a117c7790d5e0d97c93bc06c31710bf3e9fb886df10ac3a347defcd5c73cbade9bd9c65e6520dbd155ed23344ba8227
Malware Config

Extracted

Family: gozi_ifsb
Botnet: 8899

C2:
msn.com/mail
realitystorys.com
outlook.com/signup
gderrrpololo.net

Note on the C2 list: msn.com/mail and outlook.com/signup are legitimate Microsoft endpoints. ISFB/Gozi configurations routinely pad the host list with benign domains so that beacon traffic blends in, so these two entries are noise, not indicators, and should not be blocked. realitystorys.com and gderrrpololo.net are the candidate C2 hosts from this config.

Attributes:
build: 260212
dga_season: 10
exe_type: loader
server_id: 12
rsa_pubkey.plain
serpent.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

description | pid | process | target process
PID 3080 wrote to memory of 4044 | 3080 | rundll32.exe | rundll32.exe
PID 3080 wrote to memory of 4044 | 3080 | rundll32.exe | rundll32.exe
PID 3080 wrote to memory of 4044 | 3080 | rundll32.exe | rundll32.exe

All three rows describe the same edge: rundll32.exe (PID 3080) writing into the address space of a second rundll32.exe instance (PID 4044). Taken together with exe_type = loader in the extracted config, this is the loader staging code into another process rather than three unrelated events, and PID 4044 is the process whose memory is worth examining.
Downloads

memory/4044-115-0x0000000000000000-mapping.dmp
memory/4044-116-0x0000000074260000-0x00000000742E5000-memory.dmp (532KB)
memory/4044-117-0x0000000074260000-0x000000007426F000-memory.dmp (60KB)
memory/4044-118-0x0000000074260000-0x00000000742E5000-memory.dmp (532KB)
memory/4044-119-0x0000000000580000-0x0000000000581000-memory.dmp (4KB)

All dumps come from PID 4044, the target of the WriteProcessMemory calls above. Dumps 116 and 118 cover the same 532KB range (0x74260000-0x742E5000) captured at two points in the run, and dump 117 is the first 60KB of that same range; diffing 116 against 118 shows what changed in the region after the write. The 4KB region at 0x580000 is a separate, small allocation.
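As an added example that is not part of the sandbox's own output, the Python below parses the two record formats shown on this page: the flattened WriteProcessMemory rows under Signatures and the dump file names under Downloads. It collapses repeated rows into distinct writer-to-target edges, computes each dumped region's size from its address range, and correlates the write target with its distinct dumped ranges. The input rows are constructed copies of the values on this page; a real run would read them from the sandbox export.

```python
import re
from collections import Counter

# Constructed copies of the rows shown on this report page; a real run would
# read them from the sandbox export rather than from literals.
IOC_ROWS = [
    "PID 3080 wrote to memory of 4044 3080 rundll32.exe rundll32.exe",
    "PID 3080 wrote to memory of 4044 3080 rundll32.exe rundll32.exe",
    "PID 3080 wrote to memory of 4044 3080 rundll32.exe rundll32.exe",
]
DUMP_NAMES = [
    "memory/4044-115-0x0000000000000000-mapping.dmp",
    "memory/4044-116-0x0000000074260000-0x00000000742E5000-memory.dmp",
    "memory/4044-117-0x0000000074260000-0x000000007426F000-memory.dmp",
    "memory/4044-118-0x0000000074260000-0x00000000742E5000-memory.dmp",
    "memory/4044-119-0x0000000000580000-0x0000000000581000-memory.dmp",
]

# Row layout on the page: "<description> <pid> <process> <target process>",
# where the description itself names the writer and the target PID.
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
# Dump names: memory/<pid>-<seq>-0x<start>[-0x<end>]-<mapping|memory>.dmp
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)(?:-0x([0-9A-Fa-f]+))?-(mapping|memory)\.dmp"
)


def parse_writes(rows):
    """Turn the flattened IoC rows into one record per reported write."""
    events = []
    for row in rows:
        m = IOC_RE.fullmatch(row.strip())
        if not m:
            continue
        src, dst, pid, src_img, dst_img = m.groups()
        if src != pid:  # the pid column must agree with the description
            continue
        events.append({"src_pid": int(src), "dst_pid": int(dst),
                       "src_image": src_img, "dst_image": dst_img})
    return events


def summarize_writes(events):
    """Collapse repeated rows into distinct writer->target edges with counts."""
    edges = Counter((e["src_pid"], e["dst_pid"], e["src_image"], e["dst_image"])
                    for e in events)
    return [{"src_pid": s, "dst_pid": d, "src_image": si, "dst_image": di,
             "count": n, "cross_process": s != d}
            for (s, d, si, di), n in edges.items()]


def parse_dumps(names):
    """Parse dump file names into pid/seq/kind/start/end/size records."""
    regions = []
    for name in names:
        m = DUMP_RE.fullmatch(name.strip())
        if not m:
            continue
        pid, seq, start, end, kind = m.groups()
        start_i = int(start, 16)
        end_i = int(end, 16) if end else None  # mapping dumps carry no end
        regions.append({"pid": int(pid), "seq": int(seq), "kind": kind,
                        "start": start_i, "end": end_i,
                        "size": (end_i - start_i) if end_i is not None else 0})
    return regions


def kb(size):
    """Render a byte count the way the report does (whole KB)."""
    return f"{size // 1024}KB"


def correlate(edges, regions):
    """For each cross-process write, list the target's dumped memory regions,
    keeping only distinct address ranges (the same range may be dumped twice)."""
    out = {}
    for e in edges:
        if not e["cross_process"]:
            continue
        seen, ranges = set(), []
        for r in regions:
            if r["pid"] != e["dst_pid"] or r["kind"] != "memory":
                continue
            key = (r["start"], r["end"])
            if key not in seen:
                seen.add(key)
                ranges.append(r)
        out[(e["src_pid"], e["dst_pid"])] = ranges
    return out


if __name__ == "__main__":
    edges = summarize_writes(parse_writes(IOC_ROWS))
    regions = parse_dumps(DUMP_NAMES)
    for e in edges:
        print(f"{e['src_image']}({e['src_pid']}) -> {e['dst_image']}({e['dst_pid']}) "
              f"x{e['count']} cross_process={e['cross_process']}")
    for (src, dst), ranges in correlate(edges, regions).items():
        for r in ranges:
            print(f"  target {dst}: 0x{r['start']:016X}-0x{r['end']:016X} {kb(r['size'])}")
```

Run as-is it reports a single 3080 -> 4044 edge seen three times and three distinct ranges for PID 4044; the sizes it computes from the addresses (532KB, 60KB, 4KB) match the figures the report prints, which is a cheap sanity check that the dump names were parsed correctly before feeding the ranges to a diff or a YARA scan.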