Analysis

  max time kernel:   68s
  max time network:  24s
  platform:          windows7_x64
  resource:          win7-en-20211208
  submitted:         08/02/2022, 00:40

Static task
  static1

Behavioral task
  behavioral1
  Sample:      urban.dll
  Resource:    win7-en-20211208
  0 signatures
  0 seconds

General

  Target:  urban.dll
  Size:    405KB
  MD5:     8f6c878f21174f803a7879a4aee87b34
  SHA1:    9f3bff82262133c9325bdebd282b71b58695906e
  SHA256:  86b670d81a26ea394f7c0edebdc93e8f9bd6ce6e0a8d650e32a0fe36c93f0dee
  SHA512:  8253513edf2e6f5b4890400aea147fea6f9467a2495f68ea2296e73a41fafbd635d6455336ab1a5a4e31a8059b75ad835aa17c9ba7f1fbbb416a4cc672f1f3d0

Malware Config

  Extracted
    Family:  gozi_ifsb
    Botnet:  1100
    C2:
      api10.laptok.at/api1
      golang.feel500.at/api1
      go.in100k.at/api1
    Attributes:
      build:      250180
      exe_type:   loader
      server_id:  730
      rsa_pubkey.plain
      serpent.plain

Signatures

  Suspicious use of WriteProcessMemory (7 IoCs)

    description                         pid   Process       procid_target
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27
    PID 1588 wrote to memory of 1688    1588  rundll32.exe  27