Analysis
- max time kernel: 133s
- max time network: 43s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 13/06/2022, 10:16

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: x610E.tmp.dll
  - Resource: win7-20220414-en
  - 0 signatures
  - 0 seconds
General
- Target: x610E.tmp.dll
- Size: 480KB
- MD5: fe2e50e674aceba23daa6c4e1501512e
- SHA1: ecb3a334493b82335040ea3196ed053682bcaea3
- SHA256: dd44995c4e6440c80669b0b16a53c2956b0675c9bb015a9e8037d8f487e604cf
- SHA512: 5090370c34eeb972d8d9a8e9883c6fdb6f78f4ca6bc1378a5456c1c6598ca8a44d6fff07529eeb0854814a72194f4d32bb25232e2633cc79137eae33be35e442
Malware Config (Extracted)
- Family: gozi_ifsb
- Botnet: 7634
- C2:
  - factorlink.top
  - factorline.top
  - mediumline.co
- Attributes:
  - base_path: /drew/
  - build: 250229
  - exe_type: loader
  - extension: .jlk
  - server_id: 50
- rsa_pubkey.plain
- aes.plain
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                          pid   Process        procid_target
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27
  PID 1056 wrote to memory of 912      1056  rundll32.exe   27