Analysis
-
max time kernel
69s -
max time network
73s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-06-2022 20:58
General
-
Target
3826eaaa25706b14fea08710bf8a6b19c0a88668b005ef018ad7eb1e5825f8bf.exe
-
Size
203KB
-
MD5
ee5f58273ef389898faa72b7c5f702e3
-
SHA1
384e5d9e4b8fea10479f781fda450e3ad906d39f
-
SHA256
3826eaaa25706b14fea08710bf8a6b19c0a88668b005ef018ad7eb1e5825f8bf
-
SHA512
924740e20f8e94cd59870b9c2e60062796ab2ee4f0ea032b08e5d90b4274b59240d767bc41dba1ba45f72970ec3f655522d38e9497d47a0776f2a0f353331574
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Attributes
-
build
215165
Extracted
Family
gozi_ifsb
Botnet
3162
C2
menehleibe.com
liemuteste.com
thulligend.com
Attributes
-
build
215165
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\3826eaaa25706b14fea08710bf8a6b19c0a88668b005ef018ad7eb1e5825f8bf.exe"C:\Users\Admin\AppData\Local\Temp\3826eaaa25706b14fea08710bf8a6b19c0a88668b005ef018ad7eb1e5825f8bf.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4840-130-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/4840-131-0x0000000000400000-0x000000000040F000-memory.dmpFilesize
60KB
-
memory/4840-132-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/4840-133-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/4840-134-0x00000000020A0000-0x00000000020BB000-memory.dmpFilesize
108KB
-
memory/4840-137-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB