Analysis
  max time kernel: 4294182s
  max time network: 124s
  platform: windows7_x64
  resource: win7-20220311-en
  submitted: 23/03/2022, 09:48

Static task: static1

Behavioral task: behavioral1
  Sample: readme.dll
  Resource: win7-20220311-en
  0 signatures
  0 seconds

Behavioral task: behavioral2
  Sample: readme.dll
  Resource: win10v2004-20220310-en
  0 signatures
  0 seconds
General
  Target: readme.dll
  Size: 471KB
  MD5: fbc2f28e187edcc6ddf89989ff8e591f
  SHA1: a322761d2f8eb898810454f545e8646495e98fea
  SHA256: 77457f0b7da19036041ca3a0071e141909d889eb7e2d28d6ad0df73bc3c81636
  SHA512: 6d04490602f0239dc823a5640793f5415597a70682d64b1620ae5006a351c70e232cb5c024caf2eff2ef2527d22ed321687dcde94b00877f8ecfc9ba788ae0de
Malware Config (Extracted)
  Family: gozi_ifsb
  Botnet: 7627
  C2:
    vilogerta.top
    linkspremium.ru
    premiumlists.ru
  Attributes:
    base_path: /drew/
    build: 250225
    exe_type: loader
    extension: .jlk
    server_id: 50
    rsa_pubkey.plain
    aes.plain
Signatures
  Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid   Process       procid_target
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27
  PID 1960 wrote to memory of 1968   1960  rundll32.exe  27