Malware Analysis Report

2025-06-16 04:55

Sample ID: 220614-3qgcraehc4
Target: 2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827
SHA256: 2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827
Tags: gozi_ifsb 2228 banker trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10
SHA256: 2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827
Threat Level: Known bad

The file 2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827 was found to be: Known bad.

Malicious Activity Summary

Tags: gozi_ifsb 2228 banker trojan
Signatures: Gozi, Gozi IFSB; Program crash

MITRE ATT&CK: N/A

Analysis: static1

Detonation Overview

Reported: 2022-06-14 23:42
Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2022-06-14 23:42
Reported: 2022-06-15 03:31
Platform: win7-20220414-en
Max time kernel: 49s
Max time network: 46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe"

Signatures

Gozi, Gozi IFSB (banker trojan gozi_ifsb)

Processes

C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe"

Network

N/A

Files

memory/1612-54-0x0000000000820000-0x000000000082E000-memory.dmp
memory/1612-55-0x0000000000820000-0x00000000017A9000-memory.dmp
memory/1612-56-0x0000000000100000-0x000000000010F000-memory.dmp
memory/1612-62-0x0000000000820000-0x00000000017A9000-memory.dmp
memory/1612-63-0x0000000000820000-0x00000000017A9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2022-06-14 23:42
Reported: 2022-06-15 03:31
Platform: win10v2004-20220414-en
Max time kernel: 135s
Max time network: 143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe"

Signatures

Gozi, Gozi IFSB (banker trojan gozi_ifsb)

Processes

C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2c25565a6d02c36444f03c5ba87205130bafd23d6eda9d00c6968c1a58c36827.exe"

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3468 -ip 3468

C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 212

Network

Country  Destination          Domain                       Proto
GB       92.123.143.240:80                                 tcp
GB       92.123.143.240:80                                 tcp
GB       92.123.143.240:80                                 tcp
US       20.189.173.10:443                                 tcp
US       8.8.8.8:53           14.110.152.52.in-addr.arpa   udp
US       8.253.135.120:80                                  tcp
US       8.253.135.120:80                                  tcp

Files

memory/3468-130-0x0000000000350000-0x000000000035E000-memory.dmp
memory/3468-131-0x0000000000350000-0x00000000012D9000-memory.dmp
memory/3468-132-0x0000000000350000-0x00000000012D9000-memory.dmp
memory/3468-133-0x0000000001770000-0x000000000177F000-memory.dmp
memory/3468-139-0x0000000000350000-0x00000000012D9000-memory.dmp