Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    52s
  • max time network
    74s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    23-06-2022 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfc28c18307134fd44181c705df55653e24114fe5c58788c18f50613ae08da01.exe

  • Size

    647KB

  • MD5

    0db1f05c21f621b8ff4ec4b958d62000

  • SHA1

    9e03ea20ab36ebd07e887d5d5a8467d266908b31

  • SHA256

    cfc28c18307134fd44181c705df55653e24114fe5c58788c18f50613ae08da01

  • SHA512

    dd7107d9f4e313f85083e7f9710e38022873c22642f8a1a04f35f08285852aef2b2c271168f8af0fd8c62c179e3af7ab7a3d1b51a3441bd072544a0ff3ef07ac

Score
10/10
gozi_ifsb20000bankertrojan

Malware Config

Extracted

Family

gozi_ifsb

Botnet

20000

C2

apghn.msn.com

188.126.76.221
Attributes
  • base_path

    /budweiser/

  • build

    250235

  • exe_type

    loader

  • extension

    .bbu

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfc28c18307134fd44181c705df55653e24114fe5c58788c18f50613ae08da01.exe
    "C:\Users\Admin\AppData\Local\Temp\cfc28c18307134fd44181c705df55653e24114fe5c58788c18f50613ae08da01.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2484
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 292
        2⤵
        • Program crash
        PID:4728

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2484-152-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-154-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-160-0x0000000004FE0000-0x0000000004FED000-memory.dmp
      Filesize

      52KB

      Download
    • memory/2484-139-0x0000000000401D58-mapping.dmp
      Download
    • memory/2484-141-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-143-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-158-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-157-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-156-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-150-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-155-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2484-148-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-153-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-151-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-131-0x0000000000400000-0x000000000040F000-memory.dmp
      Filesize

      60KB

      Download
    • memory/2484-140-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-159-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-149-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-146-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-142-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2484-145-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-125-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-122-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-120-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-117-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-130-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-129-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-128-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-127-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-118-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-126-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-124-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-123-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-121-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/3948-119-0x0000000077CA0000-0x0000000077E2E000-memory.dmp
      Filesize

      1.6MB

      Download