Analysis
-
max time kernel
145s -
max time network
125s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
23-11-2021 08:48
General
-
Target
cbe2a109ef92af54de51a534980151a7.dll
-
Size
123KB
-
MD5
cbe2a109ef92af54de51a534980151a7
-
SHA1
e71ab85a35df851229f87fde059ad35ed167bdbc
-
SHA256
450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
-
SHA512
c30e3d42ed63a1327088111cc7ad3baa11149d5a9c9b7778a7561bc67a38c07be01978654128f29486c595441cc13a82ceaf6026ec9b04bbf5e2f1fd01c06020
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
8899
C2
microsoft.com/windowsdisabler
https://technoshoper.com
https://avolebukoneh.website
http://technoshoper.com
http://avolebukoneh.website
Attributes
-
build
260216
-
dga_season
10
-
exe_type
loader
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\cbe2a109ef92af54de51a534980151a7.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\cbe2a109ef92af54de51a534980151a7.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1860-118-0x0000000000000000-mapping.dmp
-
memory/1860-119-0x0000000002FA0000-0x0000000002FAF000-memory.dmpFilesize
60KB