Analysis
max time kernel: 16s
max time network: 47s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 25-06-2022 10:12
Static task
static1
Behavioral task
behavioral1
Sample
397d42912f4ec63c0f40fe948b3aea496aecc37d73de118c83980cffe8c4eb19.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
Target: 397d42912f4ec63c0f40fe948b3aea496aecc37d73de118c83980cffe8c4eb19.exe
Size: 203KB
MD5: e3616c0e31252988035204581a2196fa
SHA1: 5318f434d42486c93d5886b9ba2132adda38ddbf
SHA256: 397d42912f4ec63c0f40fe948b3aea496aecc37d73de118c83980cffe8c4eb19
SHA512: 3c406e7ef3ebf40dbc39608424992b436432788831c1ea5304473cc06f95c681d68ae26167d022ee38563666f9a4d63a7de213fef6948ff3d008db47989ce454
Malware Config
Extracted
Family: gozi_ifsb
Attributes
build: 215165
Extracted
Family: gozi_ifsb
Botnet: 3162
C2: menehleibe.com, liemuteste.com, thulligend.com
Attributes
build: 215165
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 12
rsa_pubkey.plain
serpent.plain