Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10_x64
- resource: win10-en-20211014
- submitted: 22-11-2021 12:48

Static task: static1
Behavioral task: behavioral1
Sample: b39e97bde83db04c795d18b8f67e19ea.dll
Resource: win7-en-20211104
General
- Target: b39e97bde83db04c795d18b8f67e19ea.dll
- Size: 133KB
- MD5: b39e97bde83db04c795d18b8f67e19ea
- SHA1: d790b9fc4b6e37035357f1bcf3948b66c6931f15
- SHA256: bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf
- SHA512: 23839fbd59a5cefe9092e210a8abec08999f51a033f0ee44e6e008a4e6bf74b91eb6498b6ab756cc2bda242149c3a382a7cd0ad0d7c783ec3f48f7c95128fc54
Malware Config
Extracted: gozi_ifsb
8899
- microsoft.com/windowsdisabler
- https://technoshoper.com
- https://avolebukoneh.website
- http://technoshoper.com
- http://avolebukoneh.website
- build: 260216
- dga_season: 10
- exe_type: loader
- server_id: 12
Signatures
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
- suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        | pid  | process      | target process
  PID 2500 wrote to memory of 2636   | 2500 | regsvr32.exe | regsvr32.exe
  PID 2500 wrote to memory of 2636   | 2500 | regsvr32.exe | regsvr32.exe
  PID 2500 wrote to memory of 2636   | 2500 | regsvr32.exe | regsvr32.exe