Analysis

max time kernel: 145s
max time network: 125s
platform: windows10_x64
resource: win10-en-20211104
submitted: 23-11-2021 08:48

Static task: static1
Behavioral task: behavioral1
  Sample: cbe2a109ef92af54de51a534980151a7.dll
  Resource: win7-en-20211014 (windows7_x64)
  0 signatures, 0 seconds
General

Target: cbe2a109ef92af54de51a534980151a7.dll
Size: 123KB
MD5: cbe2a109ef92af54de51a534980151a7
SHA1: e71ab85a35df851229f87fde059ad35ed167bdbc
SHA256: 450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
SHA512: c30e3d42ed63a1327088111cc7ad3baa11149d5a9c9b7778a7561bc67a38c07be01978654128f29486c595441cc13a82ceaf6026ec9b04bbf5e2f1fd01c06020
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 8899
C2:
  microsoft.com/windowsdisabler
  https://technoshoper.com
  https://avolebukoneh.website
  http://technoshoper.com
  http://avolebukoneh.website
Attributes:
  build: 260216
  dga_season: 10
  exe_type: loader
  server_id: 12
  rsa_pubkey.plain
  serpent.plain
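The C2 list above mixes scheme-less and http/https entries for the same hosts, and one entry (microsoft.com/windowsdisabler) sits on a domain that must not be pushed to a blocklist without review. The following is an added example, not part of the sandbox report or the sandbox's tooling; it normalizes the extracted entries into host-level indicators, deduplicates across schemes, and separates out hosts that need analyst review. The C2 strings are copied from the report; the REVIEW_BEFORE_BLOCKING set and the field names are assumptions made for illustration.

```python
"""Normalize an extracted Gozi/ISFB C2 list into host-level indicators.

Added example, not part of the sandbox report. The C2 strings are copied
from the report; the review set and output shape are assumptions.
"""
from urllib.parse import urlsplit

# C2 entries exactly as listed in the extracted config above.
EXTRACTED_C2 = [
    "microsoft.com/windowsdisabler",
    "https://technoshoper.com",
    "https://avolebukoneh.website",
    "http://technoshoper.com",
    "http://avolebukoneh.website",
]

# Assumed: domains that are too widely used to block on the strength of a
# config dump alone; the analyst reviews these instead of blocking them.
REVIEW_BEFORE_BLOCKING = {"microsoft.com"}


def parse_c2(entry: str) -> dict:
    """Split one C2 entry into scheme, host and path.

    Scheme-less entries such as 'microsoft.com/windowsdisabler' are prefixed
    with '//' so urlsplit treats the first component as the network location
    rather than as part of the path.
    """
    raw = entry if "://" in entry else "//" + entry
    parts = urlsplit(raw)
    return {
        "raw": entry,
        "scheme": parts.scheme or None,
        "host": parts.hostname,
        "path": parts.path or "/",
    }


def build_indicators(entries):
    """Deduplicate hosts across schemes and split off hosts needing review.

    Returns (hosts_to_block, hosts_to_review) as sorted lists. A host listed
    under both http and https appears once.
    """
    block, review = set(), set()
    for entry in entries:
        host = parse_c2(entry)["host"]
        if host is None:
            continue
        target = review if host in REVIEW_BEFORE_BLOCKING else block
        target.add(host)
    return sorted(block), sorted(review)


def exact_urls(entries):
    """Full URL indicators for proxy logs, keeping path and scheme intact."""
    out = []
    for entry in entries:
        p = parse_c2(entry)
        scheme = p["scheme"] or "http"
        out.append(f"{scheme}://{p['host']}{p['path']}")
    return sorted(set(out))


if __name__ == "__main__":
    to_block, to_review = build_indicators(EXTRACTED_C2)
    print("block:", to_block)
    print("review:", to_review)
    print("urls:", exact_urls(EXTRACTED_C2))
```

The host-level split is what goes to DNS or firewall blocking; the exact URLs are the better fit for proxy-log searches, where the path on the microsoft.com entry is the only thing distinguishing it from ordinary traffic.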
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process       target process
PID 4024 wrote to memory of 1860   4024  regsvr32.exe  regsvr32.exe
PID 4024 wrote to memory of 1860   4024  regsvr32.exe  regsvr32.exe
PID 4024 wrote to memory of 1860   4024  regsvr32.exe  regsvr32.exe
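The three IoC rows above are the same writer/target pair reported three times: regsvr32.exe (PID 4024) writing into the memory of a second regsvr32.exe (PID 1860). The following is an added example, not part of the sandbox report or its signature engine; it shows the detection logic a practitioner would run over process-event telemetry to reproduce that finding: keep only WriteProcessMemory events whose writer and target PIDs differ, collapse repeats into one line per pair with a count, and separately flag the case where a signed Windows binary writes into another instance of itself. The event records are constructed to mirror the report's rows, plus two benign records for contrast; the record schema and field names are assumptions, not the sandbox's own format.

```python
"""Flag cross-process memory writes from process-event telemetry.

Added example, not part of the sandbox report. EVENTS is constructed to
mirror the report's three IoC rows plus two non-matching records; the
record schema is assumed, not the sandbox's own.
"""
from collections import Counter

# Constructed events in an assumed flat schema.
EVENTS = [
    {"event": "WriteProcessMemory", "pid": 4024, "image": "regsvr32.exe",
     "target_pid": 1860, "target_image": "regsvr32.exe"},
    {"event": "WriteProcessMemory", "pid": 4024, "image": "regsvr32.exe",
     "target_pid": 1860, "target_image": "regsvr32.exe"},
    {"event": "WriteProcessMemory", "pid": 4024, "image": "regsvr32.exe",
     "target_pid": 1860, "target_image": "regsvr32.exe"},
    # Constructed contrast: a write into the caller's own address space.
    {"event": "WriteProcessMemory", "pid": 4024, "image": "regsvr32.exe",
     "target_pid": 4024, "target_image": "regsvr32.exe"},
    # Constructed contrast: a different event type for the same parent.
    {"event": "CreateProcess", "pid": 4024, "image": "regsvr32.exe",
     "target_pid": 1860, "target_image": "regsvr32.exe"},
]

# Assumed list of signed Windows binaries commonly used as injection hosts;
# regsvr32.exe is the only one the report shows.
WINDOWS_HOST_BINARIES = {"regsvr32.exe", "rundll32.exe", "svchost.exe"}


def cross_process_writes(events):
    """WriteProcessMemory events where the writer is not the target."""
    return [
        e for e in events
        if e["event"] == "WriteProcessMemory" and e["pid"] != e["target_pid"]
    ]


def summarize(events):
    """Collapse repeated rows into {(pid, image, target_pid, target_image): count}."""
    keys = (
        (e["pid"], e["image"], e["target_pid"], e["target_image"])
        for e in cross_process_writes(events)
    )
    return dict(Counter(keys))


def describe(summary):
    """Render each pair in the report's wording, with the repeat count."""
    return [
        f"PID {pid} wrote to memory of {tpid} ({n} IoCs)"
        for (pid, _img, tpid, _timg), n in sorted(summary.items())
    ]


def self_image_injection(events):
    """Pairs where a Windows host binary writes into another copy of itself.

    This is the narrower pattern the report shows (regsvr32.exe -> regsvr32.exe)
    and is a better candidate for a standalone rule than any cross-process write.
    """
    return sorted({
        (e["pid"], e["target_pid"], e["image"])
        for e in cross_process_writes(events)
        if e["image"].lower() in WINDOWS_HOST_BINARIES
        and e["image"].lower() == e["target_image"].lower()
    })


if __name__ == "__main__":
    for line in describe(summarize(EVENTS)):
        print(line)
    print("self-image injection:", self_image_injection(EVENTS))
```

Collapsing the rows matters in practice: the sandbox counts each WriteProcessMemory call, so one injection of a few regions shows up as several IoCs, and a rule keyed on the raw count would fire differently across samples that behave identically.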