Analysis

  • max time kernel
    75s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12/06/2022, 21:06

General

  • Target

    1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe

  • Size

    485KB

  • MD5

    0b1bdab915aaf05735959aeae151d585

  • SHA1

    8142ee635539731fb7c1172cc83ec8e9c6d160eb

  • SHA256

    1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366

  • SHA512

    93bc78b841445be4d557353fbfaf694a78cfb7fdd3d1ebdb5d718dd67724b0ec10758a416211413e14b08b40bff51b3757b97de217d6a2a9db664c83f83038cb

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3140

C2

isatawatag.com

bosototsuy.com

atamekihok.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

  • rsa_pubkey.plain

    (RSA public key; value not rendered on this page)

  • serpent.plain

    (Serpent key; value not rendered on this page)
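The config above carries both a static C2 list (three domains) and a set of DGA parameters, so blocking the three listed domains alone does not cut the sample off: the loader can fall back to generated domains built from words in the text at dga_base_url, reseeded every dga_season period with the dga_crc constant and suffixed with one of dga_tlds. The following script is an added illustration of that mechanism, written for this page; it is not ISFB/Gozi's real generator and will not reproduce its domains. The reading of dga_season as a count of days per seed window, the word-length bounds, the minimum label length and the TLD choice are all assumptions, and the embedded excerpt is a constructed stand-in for the live text at constitution.org/usdeclar.txt.

```python
"""Seeded word-list DGA in the shape the extracted config describes.

Added illustration only: this is not ISFB/Gozi's real generator and will not
reproduce its domains.  It exists to show what dga_base_url, dga_crc,
dga_season and dga_tlds each contribute.
"""
import datetime
import random
import re
import zlib

DGA_CRC = 0x4EB7D2CA             # dga_crc from the config above
DGA_SEASON = 10                  # dga_season, read as "days per seed window" (assumption)
DGA_TLDS = ["com", "ru", "org"]  # dga_tlds from the config above

# Constructed stand-in for the document at dga_base_url
# (constitution.org/usdeclar.txt): a short public-domain excerpt embedded
# here so the example runs offline instead of fetching the live text.
BASE_TEXT = """When in the Course of human events, it becomes necessary for one
people to dissolve the political bands which have connected them with another,
and to assume among the powers of the earth, the separate and equal station to
which the Laws of Nature and of Nature's God entitle them, a decent respect to
the opinions of mankind requires that they should declare the causes which
impel them to the separation."""


def word_list(text, min_len=3, max_len=8):
    """Lower-cased, de-duplicated words of usable length, in a stable order
    (sorting matters: bot and operator must index the same list)."""
    words = {w.lower() for w in re.findall(r"[A-Za-z]+", text)}
    return sorted(w for w in words if min_len <= len(w) <= max_len)


def window_seed(day, season=DGA_SEASON, crc=DGA_CRC):
    """Quantise the date to a `season`-day window and fold in the per-build
    constant, so every day in a window yields one seed and two builds with
    different dga_crc values yield different domain sets."""
    window = day.toordinal() // season
    return zlib.crc32(window.to_bytes(4, "little") + crc.to_bytes(4, "little"))


def generate(day, count=8, words=None, tlds=DGA_TLDS,
             season=DGA_SEASON, crc=DGA_CRC, min_label=12):
    """Domains for `day`: glue words from the list until the label is long
    enough (min_label is an assumed bound), then append a configured TLD."""
    words = word_list(BASE_TEXT) if words is None else words
    rng = random.Random(window_seed(day, season, crc))
    domains = []
    for _ in range(count):
        label = ""
        while len(label) < min_label:
            label += rng.choice(words)
        domains.append(f"{label}.{rng.choice(tlds)}")
    return domains


def domains_for(iso_date, count=8):
    """Convenience wrapper taking an ISO date string such as '2022-06-12'."""
    return generate(datetime.date.fromisoformat(iso_date), count)


if __name__ == "__main__":
    # Arbitrary date; every date in the same 10-day window prints the same set.
    for d in domains_for("2022-06-12"):
        print(d)
```

The point for detection is the window: dates in the same dga_season window yield the same set, so a hunter who reproduces the real generator (which needs the live base text and the family's actual seeding, which this example does not reproduce) can pre-compute one period's domains at a time; for this sample the three hardcoded domains above are the only ones the page confirms.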

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe
    "C:\Users\Admin\AppData\Local\Temp\1e71d36681cdac7f4b65e93bb7506a5db337d58d34639dd5b3ad30459cdbd366.exe"
    PID: 1464

    Network

          Downloads

          • memory/1464-131-0x0000000000620000-0x00000000006A4000-memory.dmp

            Filesize

            528KB

          • memory/1464-130-0x0000000000620000-0x000000000062F000-memory.dmp

            Filesize

            60KB

          • memory/1464-132-0x00000000011D0000-0x00000000011EB000-memory.dmp

            Filesize

            108KB
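The dump names above encode PID, dump index and the virtual address range; the stated sizes should equal end minus start, and two dumps at the same base (0x620000, first 60KB as index 130, then 528KB as index 131) are the usual sign of a region that was dumped again after it grew, which for a loader is where to look first for an unpacked PE image. The script below is an added example for this page, not part of the sandbox's tooling; it parses that naming scheme (assumed from the three names shown, not from any published format spec), checks each stated size against the range, and groups dumps by base address.

```python
"""Parse sandbox memory-dump artifact names, verify stated sizes, and
group dumps by base address.  Added example; the name layout is inferred
from the three artifacts on this page, not from a documented format."""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
SIZE_RE = re.compile(r"^\s*(?P<n>\d+)\s*(?P<unit>B|KB|MB)\s*$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}

# The three artifacts listed on this page, with the sizes the report states.
REPORT_DUMPS = [
    ("memory/1464-131-0x0000000000620000-0x00000000006A4000-memory.dmp", "528KB"),
    ("memory/1464-130-0x0000000000620000-0x000000000062F000-memory.dmp", "60KB"),
    ("memory/1464-132-0x00000000011D0000-0x00000000011EB000-memory.dmp", "108KB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, index, start, end and the implied size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"name": name, "pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def stated_bytes(size_text):
    """'528KB' -> 540672; the report uses whole KB, so no rounding is needed."""
    m = SIZE_RE.match(size_text)
    if not m:
        raise ValueError(f"unrecognised size: {size_text}")
    return int(m["n"]) * UNIT[m["unit"]]


def check_sizes(entries):
    """(name, matches) for each (name, stated size) pair."""
    return [(name, parse_dump_name(name)["size"] == stated_bytes(size))
            for name, size in entries]


def group_by_base(parsed):
    """Dumps keyed by (pid, start), each group in dump order."""
    groups = defaultdict(list)
    for e in parsed:
        groups[(e["pid"], e["start"])].append(e)
    return {k: sorted(v, key=lambda e: e["index"]) for k, v in groups.items()}


def regrown_regions(parsed):
    """Bases dumped more than once whose size increased between dumps:
    candidate unpacked images to carve for an MZ/PE header."""
    out = []
    for (pid, base), dumps in group_by_base(parsed).items():
        sizes = [d["size"] for d in dumps]
        if len(dumps) > 1 and sizes[-1] > sizes[0]:
            out.append((pid, base, sizes))
    return out


if __name__ == "__main__":
    for name, ok in check_sizes(REPORT_DUMPS):
        print(("OK  " if ok else "BAD ") + name)
    parsed = [parse_dump_name(n) for n, _ in REPORT_DUMPS]
    for pid, base, sizes in regrown_regions(parsed):
        print(f"pid {pid} base {base:#x} dumped at sizes {sizes}")
```

Run against the page's own list it reports all three sizes consistent with their ranges and one regrown region, pid 1464 at 0x620000 (0xF000 then 0x84000 bytes).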