DllRegisterServer
Behavioral task
behavioral1
Sample
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.exe.dll
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.exe.dll
Resource
win10-en-20211208
0 signatures
0 seconds
General
Target: tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.exe
Size: 56KB
MD5: ef9b294be6e74fe143e7931ace3b5771
SHA1: 1b8a2df55437454739f5a2c0a6f027db94b3ab1a
SHA256: 0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d
SHA512: 0d71afe65df3ff1ff208b98aaf6dcdfca6e525662ac21f5920367415176c5a993e65eed022047d0c4b4af4fcd923f4fd517e9aac96659fbf701c2c0ed062618e
Malware Config
Extracted
Family
gozi_ifsb
Botnet
1500
C2
authd.feronok.com
raw.pablowilliano.at
Attributes
build: 250204
exe_type: loader
server_id: 580
rsa_pubkey.plain
aes.plain
Signatures
Gozi_ifsb family
Files
tmp/0d3716620264ae87b753d9b89f37b9b44f54a90b5df6dc93a8af9c7d1c23b87d.exe.dll windows x86 regsvr32
Exports