Analysis

max time kernel: 111s
max time network: 123s
platform: windows10_x64
resource: win10-en-20211104
submitted: 30-11-2021 18:46

Static task: static1
Behavioral task: behavioral1
Sample: 0a0b68ae75cac98bb3ebf8cdd35b63cf.dll
Resource: win7-en-20211104 (windows7_x64)
0 signatures, 0 seconds
General

Target: 0a0b68ae75cac98bb3ebf8cdd35b63cf.dll
Size: 118KB
MD5: 0a0b68ae75cac98bb3ebf8cdd35b63cf
SHA1: 535d02eeace5fec8f92594a07d7fc55aec472c47
SHA256: f7d8d6786f0665412998662ed0fe90bb9cf165caf878d236637a055106eeaf9e
SHA512: 5060c9559d3d37cb616f3d9fe6367ba8a2fe31ad11f2a342c5e6a7150e52ab4cbd35967e9ede9f8c3ee55030c7239a32f44c3c8d5abc6c0c6072c374645d589e
Malware Config

Extracted
Family: gozi_ifsb
Botnet: 8899
C2:
  microsoft.com/windowsdisabler
  bvolebukoneh.site
  karfaganda.com
Attributes:
  build: 260216
  dga_season: 10
  exe_type: loader
  server_id: 12
rsa_pubkey.plain
serpent.plain
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: regsvr32.exe

description                       pid   process       target process
PID 3476 wrote to memory of 3128  3476  regsvr32.exe  regsvr32.exe
PID 3476 wrote to memory of 3128  3476  regsvr32.exe  regsvr32.exe
PID 3476 wrote to memory of 3128  3476  regsvr32.exe  regsvr32.exe