Overview

overview

10

Static

static

status.dll

windows7_x64

10

status.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    4294183s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    15-03-2022 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    status.dll

  • Size

    1.2MB

  • MD5

    8a3d8b5dd1f2022eaf5a9b7232aaab1e

  • SHA1

    9107b239f7365d6e30416f28bcd8edbd5d7ce632

  • SHA256

    388022f82cf14f03e13aac05209d02e26685ae97c45077b64bdbab3e7fa44f17

  • SHA512

    83af65f3b007ec6304f5b1af5d0d9a1fcadc7046bb1f785c04c110d80b6a1db82aec0adb3ad8e2dd4222980bf4391314cb07539ae4af141e014f7a20d3c5b908

Score
10/10
gozi_ifsb7623bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7623

C2

atmosphera.top

linkspremium.ru

premiumlists.ru
Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\status.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\status.dll
      2⤵
        PID:1992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1988-54-0x000007FEFB9B1000-0x000007FEFB9B3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1992-55-0x0000000075931000-0x0000000075933000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1992-56-0x0000000000290000-0x0000000000310000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1992-57-0x0000000074480000-0x00000000745B9000-memory.dmp
      Filesize

      1.2MB

      Download