Analysis
-
max time kernel
42s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-07-2022 18:44
General
-
Target
3ad271f0c2f68dcc879452a96348a3fca0d8686472543c81e870f7ab366f3d39.exe
-
Size
273KB
-
MD5
a818adf566140e69834a6d91d7e85cd8
-
SHA1
022b36c5f2e9b98f46ee1bd6c39a06e817a16d50
-
SHA256
3ad271f0c2f68dcc879452a96348a3fca0d8686472543c81e870f7ab366f3d39
-
SHA512
6a189a79597433c722afe607cee064e60287c6b2c470e88c9a54932a9f12a3f7c57be0a9d3e69834df34368785ce3df131afedc8d8cd40fdd5a4024945c6df55
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
3470
C2
google.com
gmail.com
zkeaganarlie.xyz
qwptke.club
dihtmkaden1.club
Attributes
-
build
214085
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ad271f0c2f68dcc879452a96348a3fca0d8686472543c81e870f7ab366f3d39.exe"C:\Users\Admin\AppData\Local\Temp\3ad271f0c2f68dcc879452a96348a3fca0d8686472543c81e870f7ab366f3d39.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4804-130-0x0000000002B71000-0x0000000002B80000-memory.dmpFilesize
60KB
-
memory/4804-131-0x0000000002B71000-0x0000000002B80000-memory.dmpFilesize
60KB
-
memory/4804-132-0x0000000002AE0000-0x0000000002AEB000-memory.dmpFilesize
44KB
-
memory/4804-133-0x0000000002AF0000-0x0000000002AFF000-memory.dmpFilesize
60KB
-
memory/4804-139-0x0000000000400000-0x0000000002846000-memory.dmpFilesize
36.3MB
-
memory/4804-140-0x0000000002B71000-0x0000000002B80000-memory.dmpFilesize
60KB
-
memory/4804-141-0x0000000000400000-0x0000000002846000-memory.dmpFilesize
36.3MB